diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..5fc2d15 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/ypserv-2.31.tar.bz2 diff --git a/.ypserv.metadata b/.ypserv.metadata new file mode 100644 index 0000000..8014465 --- /dev/null +++ b/.ypserv.metadata @@ -0,0 +1 @@ +a685fe0c5ee2842752d11187ed2fb35fce2b37cb SOURCES/ypserv-2.31.tar.bz2 diff --git a/SOURCES/rpc.yppasswdd.env b/SOURCES/rpc.yppasswdd.env new file mode 100644 index 0000000..0dabb6c --- /dev/null +++ b/SOURCES/rpc.yppasswdd.env @@ -0,0 +1,30 @@ +#!/bin/bash +# +# Author: Honza Horak +# Date: 2011/11/25 +# Package: ypserv +# +# This script is part of ypserv package. +# We need to pass all environment variables set in /etc/sysconfig/yppasswdd +# to rpc.yppasswdd daemon, but only if they are not empty. However, this +# simple logic is not supported by systemd. +# This script wraps the main binary, prepares YPPASSWDD_ARGS variable +# to include all necessary variables (ETCDIR, PASSWDFILE and SHADOWFILE) +# and passes this variable to daemon. +# The script ensures, that the rpc.yppasswdd arguments are not used in case +# the appropriate environment variables are empty. + +if [ "$ETCDIR" ]; then + YPPASSWDD_ARGS="$YPPASSWDD_ARGS -D $ETCDIR" +fi + +if [ "$PASSWDFILE" ]; then + YPPASSWDD_ARGS="$YPPASSWDD_ARGS -p $PASSWDFILE" +fi + +if [ "$SHADOWFILE" ]; then + YPPASSWDD_ARGS="$YPPASSWDD_ARGS -s $SHADOWFILE" +fi + +exec /usr/sbin/rpc.yppasswdd -f $YPPASSWDD_ARGS + diff --git a/SOURCES/yppasswdd-pre-setdomain b/SOURCES/yppasswdd-pre-setdomain new file mode 100644 index 0000000..b72ba15 --- /dev/null +++ b/SOURCES/yppasswdd-pre-setdomain @@ -0,0 +1,21 @@ +#!/bin/sh +# +# yppasswdd-pre-setdomain +# +# description: This is part of former ypserv init script, which is used +# to setup proper domainname before starting yppasswdd daemon +# itself. If $NISDOMAIN is not defined, it fails. +# + +DOMAINNAME=`domainname` +if [ "$DOMAINNAME" = "(none)" -o "$DOMAINNAME" = "" ]; then + echo -n $"Setting NIS domain: " + if [ -n "$NISDOMAIN" ]; then + domainname $NISDOMAIN + echo $"'$NISDOMAIN' (environment variable)" + else # no domainname found + logger -t yppasswdd $"domain not found" + exit 1 + fi +fi + diff --git a/SOURCES/yppasswdd.service b/SOURCES/yppasswdd.service new file mode 100644 index 0000000..e83c5d0 --- /dev/null +++ b/SOURCES/yppasswdd.service @@ -0,0 +1,16 @@ +[Unit] +Description=NIS/YP (Network Information Service) Users Passwords Change Server +Requires=rpcbind.service +After=syslog.target network.target rpcbind.service + +[Service] +Type=notify +NotifyAccess=all +EnvironmentFile=-/etc/sysconfig/network +EnvironmentFile=-/etc/sysconfig/yppasswdd +ExecStartPre=/usr/libexec/yppasswdd-pre-setdomain +ExecStart=/usr/libexec/rpc.yppasswdd.env +PrivateTmp=true + +[Install] +WantedBy=multi-user.target diff --git a/SOURCES/ypserv-2.13-nonedomain.patch b/SOURCES/ypserv-2.13-nonedomain.patch new file mode 100644 index 0000000..b1f2a7f --- /dev/null +++ b/SOURCES/ypserv-2.13-nonedomain.patch @@ -0,0 +1,22 @@ +diff -up ./scripts/ypMakefile.in.nonedomain ./scripts/ypMakefile.in +--- ./scripts/ypMakefile.in.nonedomain 2013-05-06 18:30:46.772434725 +0200 ++++ ./scripts/ypMakefile.in 2013-05-06 18:31:59.429495323 +0200 +@@ -106,10 +106,18 @@ NETMASKS = $(YPSRCDIR)/netmasks + YPSERVERS = $(YPDIR)/ypservers # List of all NIS servers for a domain + + target: Makefile ++ifeq ($(shell /bin/domainname), (none)) ++ @echo "Domain name cannot be (none)" ++else ++ifeq ($(shell /bin/domainname), ) ++ @echo "Domain name must be set" ++else + @test ! -d $(LOCALDOMAIN) && mkdir $(LOCALDOMAIN) ; \ + cd $(LOCALDOMAIN) ; \ + $(NOPUSH) || $(MAKE) -f ../Makefile ypservers; \ + $(MAKE) -f ../Makefile all ++endif ++endif + + # If you don't want some of these maps built, feel free to comment + # them out from this list. diff --git a/SOURCES/ypserv-2.13-ypxfr-zeroresp.patch b/SOURCES/ypserv-2.13-ypxfr-zeroresp.patch new file mode 100644 index 0000000..33c6623 --- /dev/null +++ b/SOURCES/ypserv-2.13-ypxfr-zeroresp.patch @@ -0,0 +1,11 @@ +diff -up ./ypxfr/ypxfr.c.ypxfr-zeroresp ./ypxfr/ypxfr.c +--- ./ypxfr/ypxfr.c.ypxfr-zeroresp 2013-04-10 16:43:21.000000000 +0200 ++++ ./ypxfr/ypxfr.c 2013-05-06 18:31:36.875476520 +0200 +@@ -415,6 +415,7 @@ ypxfr (char *map, char *source_host, cha + struct hostent *h; + int sock, result; + ++ memset(&resp_val, '\0', sizeof(resp_val)); + /* Name of the map file */ + if (strlen (path_ypdb) + strlen (target_domain) + strlen (map) + 3 < MAXPATHLEN) + sprintf (dbName_orig, "%s/%s/%s", path_ypdb, target_domain, map); diff --git a/SOURCES/ypserv-2.19-slp-warning.patch b/SOURCES/ypserv-2.19-slp-warning.patch new file mode 100644 index 0000000..6104c7b --- /dev/null +++ b/SOURCES/ypserv-2.19-slp-warning.patch @@ -0,0 +1,15 @@ +diff -up ./etc/ypserv.conf.slp-warning ./etc/ypserv.conf +--- ./etc/ypserv.conf.slp-warning 2006-10-12 13:03:32.000000000 +0200 ++++ ./etc/ypserv.conf 2013-05-06 18:32:16.581509617 +0200 +@@ -13,9 +13,9 @@ + files: 30 + + # Should we register ypserv with SLP ? +-slp: no ++# slp: no + # After how many seconds we should re-register ypserv with SLP ? +-slp_timeout: 3600 ++# slp_timeout: 3600 + + # xfr requests are only allowed from ports < 1024 + xfr_check_port: yes diff --git a/SOURCES/ypserv-2.19-ypchsh-adjunct.patch b/SOURCES/ypserv-2.19-ypchsh-adjunct.patch new file mode 100644 index 0000000..8edcb61 --- /dev/null +++ b/SOURCES/ypserv-2.19-ypchsh-adjunct.patch @@ -0,0 +1,13 @@ +--- ypserv-2.19/rpc.yppasswdd/update.c 2018-08-22 12:28:08.745629282 +0200 ++++ ypserv-2.19/rpc.yppasswdd/update.c 2018-08-22 12:28:36.424079754 +0200 +@@ -604,7 +604,9 @@ + !((yppw->newpw.pw_passwd[0] == 'x' || + yppw->newpw.pw_passwd[0] == '*') && + yppw->newpw.pw_passwd[1] == '\0') && +- yppw->newpw.pw_passwd[0] != '\0') ++ yppw->newpw.pw_passwd[0] != '\0' && ++ !(yppw->newpw.pw_passwd[0] == '#' && ++ yppw->newpw.pw_passwd[1] == '#')) + { + #ifdef HAVE_GETSPNAM /* shadow password */ + if (spw) diff --git a/SOURCES/ypserv-2.21-path.patch b/SOURCES/ypserv-2.21-path.patch new file mode 100644 index 0000000..e0e65c0 --- /dev/null +++ b/SOURCES/ypserv-2.21-path.patch @@ -0,0 +1,12 @@ +diff -up ypserv-2.26/scripts/Makefile.am.path ypserv-2.26/scripts/Makefile.am +--- ypserv-2.26/scripts/Makefile.am.path 2012-01-12 15:46:16.868219281 +0100 ++++ ypserv-2.26/scripts/Makefile.am 2012-01-12 15:46:34.786218054 +0100 +@@ -8,7 +8,7 @@ CLEANFILES = *~ ${SCRIPTS} + + EXTRA_DIST = ${MANS} ${XMLS} + +-varypdir = /var/yp ++varypdir = $(prefix)/../var/yp + + man_MANS = pwupdate.8 ypinit.8 + XMLS = pwupdate.8.xml ypinit.8.xml diff --git a/SOURCES/ypserv-2.24-aliases.patch b/SOURCES/ypserv-2.24-aliases.patch new file mode 100644 index 0000000..9d00269 --- /dev/null +++ b/SOURCES/ypserv-2.24-aliases.patch @@ -0,0 +1,34 @@ +diff -up ./acinclude.m4.aliases ./acinclude.m4 +--- ./acinclude.m4.aliases 2005-04-07 14:38:44.000000000 +0200 ++++ ./acinclude.m4 2013-05-06 18:32:54.423541141 +0200 +@@ -92,3 +92,18 @@ AC_DEFUN([TYPE_SOCKLEN_T], + AC_DEFINE([socklen_t], [int], [Define if socklen_t is missing]) + fi + ]) ++ ++ ++dnl ++dnl Find where aliases file is located ++dnl It can be in /etc/aliases or /etc/mail/aliases ++dnl If file path is specified in argument and file path exists, it is used. ++dnl ++AC_DEFUN([FIND_ALIASES_PATH], [ ++AC_MSG_CHECKING(for aliases file path) ++tmp_aliases="$1" ++test -f /etc/mail/aliases && tmp_aliases="/etc/mail/aliases" ++test -f /etc/aliases && tmp_aliases="/etc/aliases" ++AC_MSG_RESULT($tmp_aliases) ++AC_SUBST(ALIASES, $tmp_aliases) ++]) +diff -up ./configure.in.aliases ./configure.in +--- ./configure.in.aliases 2013-04-11 11:26:22.000000000 +0200 ++++ ./configure.in 2013-05-06 18:32:54.482541191 +0200 +@@ -151,7 +151,7 @@ fi + AC_SUBST(MAKE) + + dnl Check for aliases path +-AC_PATH_PROG(ALIASES, aliases, /etc/mail/aliases, /etc/mail:/etc) ++FIND_ALIASES_PATH(/etc/aliases) + + + diff --git a/SOURCES/ypserv-2.24-manfix.patch b/SOURCES/ypserv-2.24-manfix.patch new file mode 100644 index 0000000..5180ef8 --- /dev/null +++ b/SOURCES/ypserv-2.24-manfix.patch @@ -0,0 +1,92 @@ +diff -up ./rpc.yppasswdd/rpc.yppasswdd.8.manfix ./rpc.yppasswdd/rpc.yppasswdd.8 +--- ./rpc.yppasswdd/rpc.yppasswdd.8.manfix 2013-04-10 10:30:53.000000000 +0200 ++++ ./rpc.yppasswdd/rpc.yppasswdd.8 2013-05-06 18:32:35.682525532 +0200 +@@ -53,6 +53,15 @@ customized for that NIS domain\. If no s + \fBMakefile\fR + is found, the scripts uses the generic one in + \fI/var/yp\fR\. ++.PP ++It is possible to pass ++\fBOPTIONS\fR ++to ++\fBrpc.yppasswdd\fR ++using the environment variable ++YPPASSWDD_ARGS ++and this variable can be set in ++\fB/etc/sysconfig/yppasswdd\fR\&. + .SH "OPTIONS" + .PP + The following options are available: +@@ -186,6 +195,8 @@ version\ 3\. Better still, look at + \fI/etc/passwd\fR + + \fI/etc/shadow\fR ++ ++\fI/etc/sysconfig/yppasswdd\fR + .SH "SEE ALSO" + .PP + +diff -up ./rpc.ypxfrd/rpc.ypxfrd.8.manfix ./rpc.ypxfrd/rpc.ypxfrd.8 +--- ./rpc.ypxfrd/rpc.ypxfrd.8.manfix 2013-04-10 10:30:53.000000000 +0200 ++++ ./rpc.ypxfrd/rpc.ypxfrd.8 2013-05-06 18:32:35.693525541 +0200 +@@ -47,6 +47,16 @@ could be started by inetd\. But since it + \fBypserv\fR + from + \fB/etc/init\.d/ypxfrd\fR\. ++ ++It is possible to pass ++\fBOPTIONS\fR ++to ++\fBrpc.ypxfrd\fR ++using the environment variable ++YPXFRD_ARGS ++and this variable can be set in ++\fB/etc/sysconfig/network\&.\fR ++ + .SH "OPTIONS" + .PP + \fB\-\-debug\fR +@@ -114,6 +124,12 @@ Configuration file for options and acces + .RS 4 + Configuration file for access rights + .RE ++.PP ++\fI/etc/sysconfig/network\fR ++.RS 4 ++Setting additional arguments to ++\fBrpc\.ypxfrd\fR\&. ++.RE + .SH "SEE ALSO" + .PP + +diff -up ./ypserv/ypserv.8.manfix ./ypserv/ypserv.8 +--- ./ypserv/ypserv.8.manfix 2013-04-10 10:30:53.000000000 +0200 ++++ ./ypserv/ypserv.8 2013-05-06 18:32:35.705525551 +0200 +@@ -56,6 +56,14 @@ may or may not be running on the same no + \fBypserv\fR + parses the file + /etc/ypserv\&.conf\&. ++It is also possible to pass ++\fBOPTIONS\fR ++to ++\fBypserv\fR ++using the environment variable ++YPSERV_ARGS ++and this variable can be set in ++\fB/etc/sysconfig/network\&.\fR + .SH "OPTIONS" + .PP + \fB\-d\fR, \fB\-\-debug +@@ -149,6 +157,12 @@ configuration file\&. + which hosts are allowed to contact + \fBypserv\fR\&. + .RE ++.PP ++/etc/sysconfig/network ++.RS 4 ++setting additional arguments to ++\fBypserv\fR\&. ++.RE + .SH "SEE ALSO" + .PP + \fBdomainname\fR(1), diff --git a/SOURCES/ypserv-2.27-confpost.patch b/SOURCES/ypserv-2.27-confpost.patch new file mode 100644 index 0000000..c5873cf --- /dev/null +++ b/SOURCES/ypserv-2.27-confpost.patch @@ -0,0 +1,17 @@ +diff -up ./conf_post.h.confpost ./conf_post.h +--- ./conf_post.h.confpost 2012-04-17 15:47:28.000000000 +0200 ++++ ./conf_post.h 2013-05-06 18:34:54.274640856 +0200 +@@ -8,3 +8,13 @@ + #define HAVE_COMPAT_LIBGDBM + #endif + ++/* Define common preprocessor symbol for HAVE_LIBGDBM and HAVE_LIBQDBM, since ++ * libraries gdbm and qdbm have same symbol names. */ ++#undef HAVE_COMPAT_LIBGDBM ++#ifdef HAVE_LIBGDBM ++#define HAVE_COMPAT_LIBGDBM ++#endif ++#ifdef HAVE_LIBQDBM ++#define HAVE_COMPAT_LIBGDBM ++#endif ++ diff --git a/SOURCES/ypserv-2.29-relro.patch b/SOURCES/ypserv-2.29-relro.patch new file mode 100644 index 0000000..390d497 --- /dev/null +++ b/SOURCES/ypserv-2.29-relro.patch @@ -0,0 +1,48 @@ +diff -up ./rpc.yppasswdd/Makefile.am.relro ./rpc.yppasswdd/Makefile.am +--- ./rpc.yppasswdd/Makefile.am.relro 2013-04-11 11:25:34.000000000 +0200 ++++ ./rpc.yppasswdd/Makefile.am 2013-05-06 18:48:10.888711995 +0200 +@@ -24,6 +24,8 @@ sbin_PROGRAMS = rpc.yppasswdd + + rpc_yppasswdd_SOURCES = update.c yppasswd_xdr.c yppasswdd.c + ++rpc_yppasswdd_LDFLAGS = -Wl,-z,relro,-z,now ++ + rpc_yppasswdd_LDADD = @PIE_LDFLAGS@ $(top_builddir)/lib/libyp.a $(LIBDBM) $(LIBCRYPT) $(LIBSYSTEMD_DAEMON) + rpc_yppasswdd_CFLAGS = @PIE_CFLAGS@ + +diff -up ./rpc.ypxfrd/Makefile.am.relro ./rpc.ypxfrd/Makefile.am +--- ./rpc.ypxfrd/Makefile.am.relro 2013-04-09 16:38:20.000000000 +0200 ++++ ./rpc.ypxfrd/Makefile.am 2013-05-06 18:46:36.455683217 +0200 +@@ -22,6 +22,8 @@ sbin_PROGRAMS = rpc.ypxfrd + + rpc_ypxfrd_SOURCES = ypxfrd.c ypxfrd_server.c ypxfrd_svc.c + ++rpc_ypxfrd_LDFLAGS = -Wl,-z,relro,-z,now ++ + rpc_ypxfrd_LDADD = @PIE_LDFLAGS@ $(top_builddir)/lib/libyp.a @LIBDBM@ $(LIBSYSTEMD_DAEMON) + rpc_ypxfrd_CFLAGS = @PIE_CFLAGS@ + +diff -up ./yppush/Makefile.am.relro ./yppush/Makefile.am +--- ./yppush/Makefile.am.relro 2009-04-02 14:15:35.000000000 +0200 ++++ ./yppush/Makefile.am 2013-05-06 18:46:36.456683217 +0200 +@@ -21,6 +21,8 @@ sbin_PROGRAMS = yppush + + yppush_SOURCES = yppush.c + ++yppush_LDFLAGS = -Wl,-z,relro,-z,now ++ + yppush_LDADD = @PIE_LDFLAGS@ @LIBDBM@ $(top_builddir)/lib/libyp.a + yppush_CFLAGS = @PIE_CFLAGS@ + +diff -up ./ypserv/Makefile.am.relro ./ypserv/Makefile.am +--- ./ypserv/Makefile.am.relro 2013-04-09 16:38:20.000000000 +0200 ++++ ./ypserv/Makefile.am 2013-05-06 18:46:36.457683217 +0200 +@@ -22,6 +22,8 @@ sbin_PROGRAMS = ypserv + + ypserv_SOURCES = ypserv.c server.c ypserv_xdr.c reg_slp.c + ++ypserv_LDFLAGS = -Wl,-z,relro,-z,now ++ + ypserv_LDADD = @PIE_LDFLAGS@ $(top_builddir)/lib/libyp.a @LIBDBM@ @LIBSLP@ $(LIBSYSTEMD_DAEMON) + ypserv_CFLAGS = @PIE_CFLAGS@ + diff --git a/SOURCES/ypserv-2.31-map-update.patch b/SOURCES/ypserv-2.31-map-update.patch new file mode 100644 index 0000000..f7a235d --- /dev/null +++ b/SOURCES/ypserv-2.31-map-update.patch @@ -0,0 +1,16 @@ +https://github.com/thkukuk/ypserv/pull/2 +diff --git a/ypxfr/ypxfr.c b/ypxfr/ypxfr.c +index 358ac8d..d44773b 100644 +--- a/ypxfr/ypxfr.c ++++ b/ypxfr/ypxfr.c +@@ -517,8 +517,8 @@ ypxfr (char *map, char *source_host, char *source_domain, char *target_domain, + if (ypproc_order_2 (&req_nokey, &resp_order, clnt_udp) != RPC_SUCCESS) + { + log_msg (clnt_sperror (clnt_udp, "ypproc_order_2")); +- masterOrderNum = time (NULL); /* We set it to the current time. +- So a new map will be always newer. */ ++ clnt_destroy (clnt_udp); ++ return YPXFR_YPERR; + } + else if (resp_order.stat != YP_TRUE) + { diff --git a/SOURCES/ypserv-2.31-netgrprecur.patch b/SOURCES/ypserv-2.31-netgrprecur.patch new file mode 100644 index 0000000..1cdd9c3 --- /dev/null +++ b/SOURCES/ypserv-2.31-netgrprecur.patch @@ -0,0 +1,68 @@ +Upstream didn't accepted this patch and only replied that user should fix +the configuration. Since we believe that even if configuration is wrong, +program (especially daemon) shouldn't crash with segfault, we rather fix +this on our own to print a nice error when level of recursion exceeds 128. + +diff -up ypserv-2.31/revnetgroup/getnetgrent.c.recursive ypserv-2.31/revnetgroup/getnetgrent.c +--- ypserv-2.31/revnetgroup/getnetgrent.c.recursive 2013-05-17 12:37:08.143675080 +0200 ++++ ypserv-2.31/revnetgroup/getnetgrent.c 2013-05-17 14:20:49.376566354 +0200 +@@ -31,6 +31,8 @@ + + #include "hash.h" + ++#define NETGROUPENTRY_RECURSION_LIMIT 128 ++ + extern hash_t *input; + + void rev_setnetgrent (const char *); +@@ -53,7 +55,7 @@ struct netgrlist + }; + + +-static void rev_expand_netgroupentry (const char *, struct netgrlist *); ++static void rev_expand_netgroupentry (const char *, struct netgrlist *, int level); + static void rev_parse_entry (char *, char *, struct netgrlist *); + static void rev_netgr_free (struct netgrlist *); + static struct netgrlist list = {0, 0, NULL}; +@@ -83,7 +85,7 @@ rev_setnetgrent (const char *netgr) + { + rev_endnetgrent (); + netgroup = strdup (netgr); +- rev_expand_netgroupentry (netgr, &list); ++ rev_expand_netgroupentry (netgr, &list, 0); + } + first = 1; + } +@@ -141,7 +143,7 @@ rev_netgr_free (struct netgrlist *list) + } + + static void +-rev_expand_netgroupentry (const char *netgr, struct netgrlist *list) ++rev_expand_netgroupentry (const char *netgr, struct netgrlist *list, int level) + { + char *outval = NULL; + char *outptr = NULL; +@@ -156,6 +158,14 @@ rev_expand_netgroupentry (const char *ne + if (outptr == NULL) + return; + ++ /* check the recursion - return if we exceed the recursion limit */ ++ if (level >= NETGROUPENTRY_RECURSION_LIMIT) ++ { ++ fprintf (stderr, "WARNING: level of recursion in netgroup %s reached" ++ "%d, entry ignored\n", netgr, NETGROUPENTRY_RECURSION_LIMIT); ++ return; ++ } ++ + /* make a copy to work with */ + outval = strdup (outptr); + if (outval == NULL) +@@ -198,7 +208,7 @@ rev_expand_netgroupentry (const char *ne + *end = '\0'; + + /* recursion */ +- rev_expand_netgroupentry (start, list); ++ rev_expand_netgroupentry (start, list, level+1); + } + + /* skip to the next entry */ diff --git a/SOURCES/ypserv-2.31-open-correct-db.patch b/SOURCES/ypserv-2.31-open-correct-db.patch new file mode 100644 index 0000000..f1d2262 --- /dev/null +++ b/SOURCES/ypserv-2.31-open-correct-db.patch @@ -0,0 +1,14 @@ +https://github.com/thkukuk/ypserv/pull/3 +diff --git a/ypxfr/ypxfr.c b/ypxfr/ypxfr.c +index d44773b..b2ad875 100644 +--- a/ypxfr/ypxfr.c ++++ b/ypxfr/ypxfr.c +@@ -627,7 +627,7 @@ ypxfr (char *map, char *source_host, char *source_domain, char *target_domain, + dbm = dbm_open (dbName_temp, O_CREAT|O_RDWR, 0600); + #elif defined(HAVE_LIBTC) + dbm = tcbdbnew (); +- if (!tcbdbopen (dbm, dbName_orig, BDBOWRITER | BDBOCREAT | BDBOTRUNC)) ++ if (!tcbdbopen (dbm, dbName_temp, BDBOWRITER | BDBOCREAT | BDBOTRUNC)) + { + tcbdbdel (dbm); + dbm = NULL; diff --git a/SOURCES/ypserv-2.31-selinux-context.patch b/SOURCES/ypserv-2.31-selinux-context.patch new file mode 100644 index 0000000..6a5e3d8 --- /dev/null +++ b/SOURCES/ypserv-2.31-selinux-context.patch @@ -0,0 +1,210 @@ +--- ypserv-2.31/rpc.yppasswdd/Makefile.am.selinux-context 2016-01-25 15:39:35.038050672 +0100 ++++ ypserv-2.31/rpc.yppasswdd/Makefile.am 2016-01-25 15:39:56.203036632 +0100 +@@ -26,7 +26,7 @@ + + rpc_yppasswdd_LDFLAGS = -Wl,-z,relro,-z,now + +-rpc_yppasswdd_LDADD = @PIE_LDFLAGS@ $(top_builddir)/lib/libyp.a $(LIBDBM) $(LIBCRYPT) $(LIBSYSTEMD_DAEMON) ++rpc_yppasswdd_LDADD = @PIE_LDFLAGS@ $(top_builddir)/lib/libyp.a $(LIBDBM) $(LIBCRYPT) $(LIBSYSTEMD_DAEMON) $(LIBSELINUX) + rpc_yppasswdd_CFLAGS = @PIE_CFLAGS@ + + if ENABLE_REGENERATE_MAN +--- ypserv-2.31/configure.in.selinux-context.patch 2016-01-25 16:07:01.662180676 +0100 ++++ ypserv-2.31/configure.in 2016-01-25 16:07:57.116157640 +0100 +@@ -243,6 +243,26 @@ + echo "" + exit + fi ++AC_ARG_WITH(selinux, ++ [AC_HELP_STRING([--with-selinux@<:@=yes|no@:>@],[Enables SELinux support [no]])], ++ ++ [ if test "$withval" = "yes"; then ++ AC_CHECK_HEADERS([selinux/selinux.h], [], ++ [AC_MSG_ERROR([Missing SELinux header files])]) ++ AC_CHECK_LIB(selinux, setfilecon_raw, [], ++ [AC_MSG_ERROR([Missing or incorrect SELinux library])]) ++ AC_CHECK_LIB(selinux, getfilecon_raw, [], ++ [AC_MSG_ERROR([Missing or incorrect SELinux library])]) ++ AC_CHECK_LIB(selinux, freecon, [], ++ [AC_MSG_ERROR([Missing or incorrect SELinux library])]) ++ fi ++ ],[]) ++ ++AC_SUBST(with_selinux) ++if test "$with_selinux" = "yes"; then ++ AC_DEFINE(WITH_SELINUX, 1, [Define to 1 if SELinux support is enabled]) ++fi ++ + + AC_CHECK_LIB(xcrypt,crypt,LIBCRYPT="-lxcrypt",LIBCRYPT="") + if test -z "$LIBCRYPT" ; then +--- ypserv-2.31/rpc.yppasswdd/update.c.selinux-context 2013-04-10 16:42:51.000000000 +0200 ++++ ypserv-2.31/rpc.yppasswdd/update.c 2018-01-09 08:49:08.165461843 +0100 +@@ -42,6 +42,9 @@ + #ifdef HAVE_SHADOW_H + #include + #endif ++#ifdef WITH_SELINUX ++#include ++#endif /* WITH_SELINUX */ + #include "compat.h" + + #ifndef CHECKROOT +@@ -448,6 +451,9 @@ + FILE *oldpf = NULL, *newpf = NULL, *oldsf = NULL, *newsf = NULL; + struct stat passwd_stat, shadow_stat; + char *rootpass = "x"; ++#ifdef WITH_SELINUX ++ char *pSelCon = NULL; ++#endif /* WITH_SELINUX */ + + #if CHECKROOT + if ((pw = getpwnam ("root")) != NULL) +@@ -489,6 +495,7 @@ + return 1; + } + ++ + /* Open a temp passwd file */ + if ((newpf = fopen (path_passwd_tmp, "w+")) == NULL) + { +@@ -497,6 +504,7 @@ + fclose (oldpf); + return 1; + } ++ + chmod (path_passwd_tmp, passwd_stat.st_mode); + if (chown (path_passwd_tmp, passwd_stat.st_uid, passwd_stat.st_gid) == -1) + { +@@ -507,42 +515,104 @@ + return 1; + } + ++#ifdef WITH_SELINUX ++ if (is_selinux_enabled() == 1) ++ { ++ /* Get selinux context of the original file */ ++ if (getfilecon_raw(path_passwd, &pSelCon) < 0) ++ { ++ log_msg ("%s failed", logbuf); ++ log_msg ("Can't get selinux context %s: %m", path_passwd); ++ freecon(pSelCon); ++ fclose (oldpf); ++ fclose (newpf); ++ unlink (path_passwd_tmp); ++ return 1; ++ } ++ ++ /* Set selinux context for tmp file */ ++ if (setfilecon_raw(path_passwd_tmp, pSelCon)) ++ { ++ log_msg ("%s failed", logbuf); ++ log_msg ("Can't set selinux context %s: %m", path_passwd_tmp); ++ freecon(pSelCon); ++ fclose (oldpf); ++ fclose (newpf); ++ unlink (path_passwd_tmp); ++ return 1; ++ } ++ freecon(pSelCon); ++ pSelCon=NULL; ++ } ++# endif /* WITH_SELINUX */ ++ + #ifdef HAVE_GETSPNAM + /* Open the shadow file for reading. */ + if ((oldsf = fopen (path_shadow, "r")) != NULL) + { + if (fstat (fileno (oldsf), &shadow_stat) < 0) +- { +- log_msg ("%s failed", logbuf); +- log_msg ("Can't stat %s: %m", path_shadow); +- fclose (oldpf); +- fclose (newpf); +- fclose (oldsf); +- return 1; +- } ++ { ++ log_msg ("%s failed", logbuf); ++ log_msg ("Can't stat %s: %m", path_shadow); ++ fclose (oldpf); ++ fclose (newpf); ++ fclose (oldsf); ++ return 1; ++ } ++ + + if ((newsf = fopen (path_shadow_tmp, "w+")) == NULL) +- { +- int err = errno; +- log_msg ("%s failed", logbuf); +- log_msg ("Can't open %s.tmp: %s", +- path_passwd, strerror (err)); +- fclose (oldsf); +- fclose (newpf); +- fclose (oldpf); +- return 1; +- } ++ { ++ int err = errno; ++ log_msg ("%s failed", logbuf); ++ log_msg ("Can't open %s.tmp: %s", ++ path_passwd, strerror (err)); ++ fclose (oldsf); ++ fclose (newpf); ++ fclose (oldpf); ++ return 1; ++ } + chmod (path_shadow_tmp, shadow_stat.st_mode); + if (chown (path_shadow_tmp, shadow_stat.st_uid, +- shadow_stat.st_gid) == -1) +- { +- log_msg ("chown failed", strerror (errno)); +- fclose (newsf); +- fclose (oldsf); +- fclose (newpf); +- fclose (oldpf); +- return 1; +- } ++ shadow_stat.st_gid) == -1) ++ { ++ log_msg ("chown failed", strerror (errno)); ++ fclose (newsf); ++ fclose (oldsf); ++ fclose (newpf); ++ fclose (oldpf); ++ return 1; ++ } ++#ifdef WITH_SELINUX ++ if (is_selinux_enabled() == 1) ++ { ++ if (getfilecon_raw(path_shadow, &pSelCon) < 0) ++ { ++ log_msg ("%s failed", logbuf); ++ log_msg ("Can't get selinux context %s: %m", path_shadow); ++ freecon(pSelCon); ++ fclose (newsf); ++ fclose (oldsf); ++ fclose (newpf); ++ fclose (oldpf); ++ return 1; ++ } ++ if (setfilecon_raw(path_shadow_tmp, pSelCon)) ++ { ++ log_msg ("%s failed", logbuf); ++ log_msg ("Can't set selinux context %s: %m", path_shadow_tmp); ++ freecon(pSelCon); ++ fclose (newsf); ++ fclose (oldsf); ++ fclose (newpf); ++ fclose (oldpf); ++ return 1; ++ } ++ freecon(pSelCon); ++ pSelCon=NULL; ++ } ++#endif /* WITH_SELINUX */ ++ + } + #endif /* HAVE_GETSPNAM */ + diff --git a/SOURCES/ypserv-2.5-nfsnobody2.patch b/SOURCES/ypserv-2.5-nfsnobody2.patch new file mode 100644 index 0000000..c2aa146 --- /dev/null +++ b/SOURCES/ypserv-2.5-nfsnobody2.patch @@ -0,0 +1,96 @@ +diff -up ./scripts/ypMakefile.in.nfsnobody2 ./scripts/ypMakefile.in +--- ./scripts/ypMakefile.in.nfsnobody2 2013-05-06 18:28:38.558327612 +0200 ++++ ./scripts/ypMakefile.in 2013-05-06 18:30:46.772434725 +0200 +@@ -40,6 +40,11 @@ YPPUSH_ARGS = + MINUID=500 + MINGID=500 + ++# Don't export this uid/guid (nfsnobody). ++# Set to 0 if you want to ++NFSNOBODYUID=65534 ++NFSNOBODYGID=65534 ++ + # Should we merge the passwd file with the shadow file ? + # MERGE_PASSWD=true|false + MERGE_PASSWD=true +@@ -294,7 +299,7 @@ passwd.byname: $(PASSWD) $(SHADOW) $(YPD + @echo "Updating $@..." + @$(UMASK); \ + $(MERGER) -p $(PASSWD) $(SHADOW) | \ +- $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINUID) ) \ ++ $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINUID) && $$3 != $(NFSNOBODYUID) ) \ + print $$1"\t"$$0 }' | $(DBLOAD) -i $(PASSWD) \ + -o $(YPMAPDIR)/$@ - $@ + -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@ +@@ -303,7 +308,7 @@ passwd.byuid: $(PASSWD) $(SHADOW) $(YPDI + @echo "Updating $@..." + @$(UMASK); \ + $(MERGER) -p $(PASSWD) $(SHADOW) | \ +- $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINUID) ) \ ++ $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINUID) && $$3 != $(NFSNOBODYUID) ) \ + print $$3"\t"$$0 }' | $(DBLOAD) -i $(PASSWD) \ + -o $(YPMAPDIR)/$@ - $@ + -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@ +@@ -317,7 +322,7 @@ else + passwd.byname: $(PASSWD) $(YPDIR)/Makefile + @echo "Updating $@..." + @$(UMASK); \ +- $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINUID) ) \ ++ $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINUID) && $$3 != $(NFSNOBODYUID) ) \ + print $$1"\t"$$0 }' $(PASSWD) | $(DBLOAD) -i $(PASSWD) \ + -o $(YPMAPDIR)/$@ - $@ + -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@ +@@ -325,7 +330,7 @@ passwd.byname: $(PASSWD) $(YPDIR)/Makefi + passwd.byuid: $(PASSWD) $(YPDIR)/Makefile + @echo "Updating $@..." + @$(UMASK); \ +- $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINUID) ) \ ++ $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINUID) && $$3 != $(NFSNOBODYUID) ) \ + print $$3"\t"$$0 }' $(PASSWD) | $(DBLOAD) -i $(PASSWD) \ + -o $(YPMAPDIR)/$@ - $@ + -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@ +@@ -334,7 +339,7 @@ shadow.byname: $(SHADOW) $(YPDIR)/Makefi + @echo "Updating $@..." + @$(UMASK); \ + $(AWK) -F: '{ if (FILENAME ~ /shadow$$/) { \ +- if (UID[$$1] >= $(MINUID) ) print $$1"\t"$$0; \ ++ if (UID[$$1] >= $(MINUID) && UID[$$1] != $(NFSNOBODYUID)) print $$1"\t"$$0; \ + } else UID[$$1] = $$3; }' $(PASSWD) $(SHADOW) \ + | $(DBLOAD) -s -i $(SHADOW) -o $(YPMAPDIR)/$@ - $@ + -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@ +@@ -353,7 +358,7 @@ group.byname: $(GROUP) $(GSHADOW) $(YPDI + @echo "Updating $@..." + @$(UMASK); \ + $(MERGER) -g $(GROUP) $(GSHADOW) | \ +- $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINGID) ) \ ++ $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINGID) && $$3 != $(NFSNOBODYGID) ) \ + print $$1"\t"$$0 }' | $(DBLOAD) -i $(GROUP) -o $(YPMAPDIR)/$@ - $@ + -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@ + +@@ -361,7 +366,7 @@ group.bygid: $(GROUP) $(GSHADOW) $(YPDIR + @echo "Updating $@..." + @$(UMASK); \ + $(MERGER) -g $(GROUP) $(GSHADOW) | \ +- $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINGID) ) \ ++ $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINGID) && $$3 != $(NFSNOBODYGID) ) \ + print $$3"\t"$$0 }' | $(DBLOAD) -i $(GROUP) -o $(YPMAPDIR)/$@ - $@ + -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@ + +@@ -370,7 +375,7 @@ else + group.byname: $(GROUP) $(YPDIR)/Makefile + @echo "Updating $@..." + @$(UMASK); \ +- $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINGID) ) \ ++ $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINGID) && $$3 != $(NFSNOBODYGID) ) \ + print $$1"\t"$$0 }' $(GROUP) \ + | $(DBLOAD) -i $(GROUP) -o $(YPMAPDIR)/$@ - $@ + -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@ +@@ -378,7 +383,7 @@ group.byname: $(GROUP) $(YPDIR)/Makefile + group.bygid: $(GROUP) $(YPDIR)/Makefile + @echo "Updating $@..." + @$(UMASK); \ +- $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINGID) ) \ ++ $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINGID) && $$3 != $(NFSNOBODYGID) ) \ + print $$3"\t"$$0 }' $(GROUP) \ + | $(DBLOAD) -i $(GROUP) -o $(YPMAPDIR)/$@ - $@ + -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@ diff --git a/SOURCES/ypserv-2.5-redhat.patch b/SOURCES/ypserv-2.5-redhat.patch new file mode 100644 index 0000000..1f73123 --- /dev/null +++ b/SOURCES/ypserv-2.5-redhat.patch @@ -0,0 +1,14 @@ +diff -up ./scripts/ypMakefile.in.redhat ./scripts/ypMakefile.in +--- ./scripts/ypMakefile.in.redhat 2012-01-27 15:53:03.000000000 +0100 ++++ ./scripts/ypMakefile.in 2013-05-06 18:28:38.558327612 +0200 +@@ -109,8 +109,8 @@ target: Makefile + # If you don't want some of these maps built, feel free to comment + # them out from this list. + +-all: passwd group hosts rpc services netid protocols netgrp mail \ +- shadow publickey # networks ethers bootparams printcap \ ++all: passwd group hosts rpc services netid protocols mail \ ++ # netgrp shadow publickey networks ethers bootparams printcap \ + # amd.home auto.master auto.home auto.local passwd.adjunct \ + # timezone locale netmasks + diff --git a/SOURCES/ypserv-minuid.patch b/SOURCES/ypserv-minuid.patch new file mode 100644 index 0000000..69d94f6 --- /dev/null +++ b/SOURCES/ypserv-minuid.patch @@ -0,0 +1,28 @@ +MINUID and MINGID should match the values UID_MIN and GID_MIN in +/etc/login.defs to be consistent and to not distribute uids and gids +used by the linux system. + +However, we can't simply change values to 1000 since on upgraded systems +that keep using UIDs 501+ and haven't changed /var/yp/Makefile, the Makefile +would actually be updated and UIDs lower than 1000 won't be included in maps. + +Thus, we will read MINUID and MINGID values from /etc/login.defs + +RHBZ#1004090 + +diff -up ypserv-2.31/scripts/ypMakefile.in.minuid ypserv-2.31/scripts/ypMakefile.in +--- ypserv-2.31/scripts/ypMakefile.in.minuid 2013-09-04 13:29:12.294945130 +0200 ++++ ypserv-2.31/scripts/ypMakefile.in 2013-09-04 13:31:07.308820321 +0200 +@@ -37,8 +37,10 @@ YPPUSH_ARGS = + # the passwd file. If no entry is found, this shadow entry is + # ignored. + # MINGID is the lowest gid that will be included in the group maps. +-MINUID=500 +-MINGID=500 ++# You can either set values directly (e.g. MINUID=1000) or pick up ++# current values from /etc/login.defs ++MINUID=$(shell TMP=`egrep '^UID_MIN\s+[0-9]+' /etc/login.defs|sed -e 's/^UID_MIN//'` ; [ -n "$$TMP" ] && echo "$$TMP" || echo 1000) ++MINGID=$(shell TMP=`egrep '^GID_MIN\s+[0-9]+' /etc/login.defs|sed -e 's/^GID_MIN//'` ; [ -n "$$TMP" ] && echo "$$TMP" || echo 1000) + + # Don't export this uid/guid (nfsnobody). + # Set to 0 if you want to diff --git a/SOURCES/ypserv-tcopenfail.patch b/SOURCES/ypserv-tcopenfail.patch new file mode 100644 index 0000000..bae0ec5 --- /dev/null +++ b/SOURCES/ypserv-tcopenfail.patch @@ -0,0 +1,23 @@ +When tcbdbopen fails to open a database file wrong pointer is returned +instead of NULL pointer. + +Patch by Edgar Hoch + +RHBZ#1004110 + +--- ypserv-2.31/lib/yp_db.c.orig 2013-04-10 16:42:21.000000000 +0200 ++++ ypserv-2.31/lib/yp_db.c 2013-09-04 02:38:04.515428554 +0200 +@@ -181,6 +181,12 @@ + } + else if (debug_flag) + log_msg ("\t\t->Returning OK!"); ++ if ( !isok ) ++ { ++ /* DB not successful opened. Close database object and set return value to NULL. */ ++ tcbdbdel (dbp); ++ dbp = NULL; ++ } + } + else + { + diff --git a/SOURCES/ypserv.service b/SOURCES/ypserv.service new file mode 100644 index 0000000..916d8e5 --- /dev/null +++ b/SOURCES/ypserv.service @@ -0,0 +1,14 @@ +[Unit] +Description=NIS/YP (Network Information Service) Server +Requires=rpcbind.service +After=syslog.target network.target rpcbind.service + +[Service] +Type=notify +NotifyAccess=all +EnvironmentFile=-/etc/sysconfig/network +ExecStart=/usr/sbin/ypserv -f $YPSERV_ARGS +PrivateTmp=true + +[Install] +WantedBy=multi-user.target diff --git a/SOURCES/ypxfrd.service b/SOURCES/ypxfrd.service new file mode 100644 index 0000000..cc408f2 --- /dev/null +++ b/SOURCES/ypxfrd.service @@ -0,0 +1,14 @@ +[Unit] +Description=NIS/YP (Network Information Service) Maps Transferring Accelerator +Requires=rpcbind.service +After=syslog.target network.target rpcbind.service + +[Service] +Type=notify +NotifyAccess=all +EnvironmentFile=-/etc/sysconfig/network +ExecStart=/usr/sbin/rpc.ypxfrd -f $YPXFRD_ARGS +PrivateTmp=true + +[Install] +WantedBy=multi-user.target diff --git a/SPECS/ypserv.spec b/SPECS/ypserv.spec new file mode 100644 index 0000000..ff36731 --- /dev/null +++ b/SPECS/ypserv.spec @@ -0,0 +1,741 @@ +Summary: The NIS (Network Information Service) server +Url: http://www.linux-nis.org/nis/ypserv/index.html +Name: ypserv +Version: 2.31 +Release: 12%{?dist} +License: GPLv2 +Group: System Environment/Daemons +Source0: http://www.linux-nis.org/download/ypserv/ypserv-%{version}.tar.bz2 +Source1: ypserv.service +Source2: yppasswdd.service +Source3: ypxfrd.service +Source4: rpc.yppasswdd.env +Source5: yppasswdd-pre-setdomain + +Requires: gawk, make, portmap, bash >= 2.0 +Requires: tokyocabinet +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd + +Patch0: ypserv-2.5-redhat.patch +Patch1: ypserv-2.21-path.patch +Patch2: ypserv-2.5-nfsnobody2.patch +Patch3: ypserv-2.13-ypxfr-zeroresp.patch +Patch4: ypserv-2.13-nonedomain.patch +Patch5: ypserv-2.19-slp-warning.patch +Patch6: ypserv-2.24-manfix.patch +Patch7: ypserv-2.24-aliases.patch +Patch8: ypserv-2.27-confpost.patch +Patch9: ypserv-2.29-relro.patch +Patch10: ypserv-2.31-netgrprecur.patch +Patch11: ypserv-tcopenfail.patch +Patch12: ypserv-minuid.patch +Patch13: ypserv-2.31-map-update.patch +Patch14: ypserv-2.31-open-correct-db.patch +Patch15: ypserv-2.31-selinux-context.patch +Patch16: ypserv-2.19-ypchsh-adjunct.patch + +BuildRequires: tokyocabinet-devel +BuildRequires: systemd +BuildRequires: autoconf, automake +BuildRequires: systemd-devel +BuildRequires: libselinux-devel + +%description +The Network Information Service (NIS) is a system that provides +network information (login names, passwords, home directories, group +information) to all of the machines on a network. NIS can allow users +to log in on any machine on the network, as long as the machine has +the NIS client programs running and the user's password is recorded in +the NIS passwd database. NIS was formerly known as Sun Yellow Pages +(YP). + +This package provides the NIS server, which will need to be running on +your network. NIS clients do not need to be running the server. + +Install ypserv if you need an NIS server for your network. You also +need to install the yp-tools and ypbind packages on any NIS client +machines. + +%prep +%setup -q +%patch0 -p1 -b .redhat +%patch1 -p1 -b .path +%patch2 -p1 -b .nfsnobody +%patch3 -p1 -b .respzero +%patch4 -p1 -b .nonedomain +%patch5 -p1 -b .slp-warning +%patch6 -p1 -b .manfix +%patch7 -p1 -b .aliases +%patch8 -p1 -b .confpost +%patch9 -p1 -b .relro +%patch10 -p1 -b .netgrprecur +%patch11 -p1 -b .tcopenfail +%patch12 -p1 -b .minuid +%patch13 -p1 -b .map-update +%patch14 -p1 -b .open-correct-db +%patch15 -p1 -b .selinux-context +%patch16 -p1 -b .ypchsh-adjunct + +autoreconf + +%build +cp etc/README etc/README.etc +%ifarch s390 s390x +export CFLAGS="$RPM_OPT_FLAGS -fPIC" +%else +export CFLAGS="$RPM_OPT_FLAGS -fpic" +%endif +%configure \ + --enable-checkroot \ + --enable-fqdn \ + --libexecdir=%{_libdir}/yp \ + --with-dbmliborder=tokyocabinet \ + --with-selinux=yes +make + +%install +#make install ROOT=$RPM_BUILD_ROOT +%makeinstall libexecdir=$RPM_BUILD_ROOT%{_libdir}/yp INSTALL_PROGRAM=install +mkdir -p $RPM_BUILD_ROOT%{_unitdir} +mkdir -p $RPM_BUILD_ROOT%{_sysconfdir} +mkdir -p $RPM_BUILD_ROOT%{_libexecdir} +install -m 644 etc/ypserv.conf $RPM_BUILD_ROOT%{_sysconfdir} +install -m 644 %{SOURCE1} $RPM_BUILD_ROOT%{_unitdir}/ypserv.service +install -m 644 %{SOURCE2} $RPM_BUILD_ROOT%{_unitdir}/yppasswdd.service +install -m 644 %{SOURCE3} $RPM_BUILD_ROOT%{_unitdir}/ypxfrd.service +install -m 755 %{SOURCE5} $RPM_BUILD_ROOT%{_libexecdir}/yppasswdd-pre-setdomain + +mkdir -p $RPM_BUILD_ROOT/etc/sysconfig +cat >$RPM_BUILD_ROOT/etc/sysconfig/yppasswdd < - 2.31-12 +- Do not overwrite user password in passwd.adjunct when changing shell +- Resolves: #1624295 + +* Fri Apr 20 2018 Petr Kubat - 2.31-11 +- rpc.yppasswd: Only check selinux context if selinux is enabled + Resolves: #1492892 + +* Thu Jan 19 2017 Matej Mužila - 2.31-10 +- rpc.yppasswd: presserve selinux context of shadow and passwd + Resolves: #1255583 + +* Wed Nov 30 2016 Matej Mužila - 2.31-9 +- Do not update NIS map when master's version is older +- Open correct _temporary_ db with tokyocabinet +- Resolves #1305137, #1331882 + +* Fri Jan 24 2014 Daniel Mach - 2.31-8 +- Mass rebuild 2014-01-24 + +* Fri Dec 27 2013 Daniel Mach - 2.31-7 +- Mass rebuild 2013-12-27 + +* Mon Nov 4 2013 Honza Horak - 2.31-6 +- Read MINUID and MINGID values from /etc/login.defs + Resolves: #1021329 + +* Wed Sep 4 2013 Honza Horak - 2.31-5 +- Return proper error code when map file opening did not succeeded + RHBZ#1004110 + +* Mon Jul 29 2013 Honza Horak - 2.31-4 +- Remove systemd-units and systemd-sysv requirements +- Clean-up SysV init conversion code +- Clean-up systemd preset macros compatibility code +- Remove fedora-releated stuff for maps upgrading + +* Mon May 27 2013 Honza Horak - 2.31-3 +- Fix crash when netgroups include recursive dependency + +* Thu May 09 2013 Honza Horak - 2.31-2 +- Enable PrivateTmp feature, just for the case + +* Mon May 06 2013 Honza Horak - 2.31-1 +- Update to new upstream version + +* Mon Feb 04 2013 Honza Horak - 2.29-8 +- Stop ypserv daemon temporary when reading info about maps + +* Mon Jan 28 2013 Honza Horak - 2.29-7 +- Open maps with no blocking for reading + +* Mon Jan 21 2013 Honza Horak - 2.29-6 +- Open database files with correct mode +- Make rebuilding maps during upgrade a bit more clever + +* Fri Nov 30 2012 Honza Horak - 2.29-5 +- Build daemons and yppush with full relro +- Move rpc.yppasswdd.env into /usr/libexec + +* Fri Nov 09 2012 Honza Horak - 2.29-4 +- Add missing break in switch + +* Thu Oct 04 2012 Honza Horak - 2.29-3 +- Run %%triggerun regardless of systemd_post variable definition + +* Mon Sep 24 2012 Honza Horak - 2.29-2 +- Use new systemd macros + Resolves: #850376 + +* Mon Sep 03 2012 Honza Horak - 2.29-1 +- Update to new upstream version that fix memory leaks (Related: #845283) +- Use sdnotify to inform systemd that daemons are ready +- Some minor spec file clean up +- Added systemd-devel as a build requirement + +* Sun Jul 22 2012 Fedora Release Engineering - 2.28-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Wed Jul 11 2012 Honza Horak - 2.28-2 +- Minor spec file fixes +- Helper scripts moved to /usr/libexec + +* Mon Jun 04 2012 Honza Horak - 2.28-1 +- Update to new upstream version, which fixes several bugs +- Use Tokyo Cabinet as DBM and rebuild maps after updating +- Consider NISDOMAIN variable from /etc/sysconfig/network + +* Mon May 14 2012 Honza Horak - 2.27-5 +- Checking if domainname is set moved from ypserv.service + to yppasswdd.service + Related: #456249 + +* Thu Apr 26 2012 Honza Horak - 2.27-4 +- Build against qdbm and rebuild maps after updating + +* Thu Apr 26 2012 Honza Horak - 2.27-3 +- Added patch to handle crypt() returning NULL + +* Fri Apr 13 2012 Honza Horak - 2.27-2 +- Use O_CLOEXEC when opening pid file to avoid SELinux issues + Resolves: #809120 + +* Wed Feb 01 2012 Honza Horak - 2.27-1 +- Update to new upstream version, which fixes several bugs + (removing patches that aren't needed any more) + +* Thu Jan 12 2012 Honza Horak - 2.26-10 +- Added ypserv-pre-setdomain to respect NISDOMAIN environment variable + and set domainname if empty +- Added autoreconf call (thus .path patch modified to keep impact) +- Patch .aliases fixed + Resolves: #699826 + +* Mon Dec 12 2011 Honza Horak - 2.26-9 +- Rebuild against compat_gdbm, because gdbm has changed license + to GPLv3+ and it is not compatible with ypserv GPLv2 + +* Mon Nov 28 2011 Honza Horak - 2.26-8 +- Fixed returning success when shadow file is not writable + Resolves: #747335 + +* Fri Nov 25 2011 Honza Horak - 2.26-7 +- Fixed empty domain handling in ypinit script + Resolves: #751427 +- Added a wrapper script to use all variables correctly in the unit file + Resolves: #755775 + +* Mon Oct 10 2011 Honza Horak - 2.26-6 +- Made error messages in yppasswdd more accurate + Resolves: #695754 + +* Fri Sep 30 2011 Honza Horak - 2.26-5 +- Rebuild with new gdbm-1.9.1 + +* Fri Sep 30 2011 Honza Horak - 2.26-4 +- Added passwd.adjunct support in yppasswdd to recognize + password format correctly when changing password using yppasswd + Resolves: #699667 + +* Wed Aug 31 2011 Honza Horak - 2.26-3 +- fixed hiding the change request when external script is used + in rpc.yppasswdd + +* Wed Aug 03 2011 Honza Horak - 2.26-2 +- fixed systemd unit files requires and description + +* Tue Aug 02 2011 Honza Horak - 2.26-1 +- Update to new upstream version + Simplified systemd snippets in spec file + +* Tue Jun 14 2011 Honza Horak - 2.25-3 +- Adjust yppush man page and add a comment how to assign options + to yppush (#712239) + +* Tue May 10 2011 Honza Horak - 2.25-2 +- Add systemd native services files for ypserv, ypxfrd and yppasswdd + (#696903) + +* Tue May 10 2011 Honza Horak - 2.25-1 +- Update to new upstream version, which contains .staticanal patch + +* Fri May 06 2011 Honza Horak - 2.24-4 +- Change default aliases file location to /etc/aliases to correspond + with default MTAs' config (#699826) + +* Tue Apr 26 2011 Honza Horak - 2.24-3 +- Fix problems found by static analysis +- Added man page info about passing arguments to daemons + +* Tue Oct 19 2010 Karel Klic - 2.24-2 +- Removed Buildroot tag +- Removed %%clean section +- Replace custom %%initdir macro with systemwide %%_initrddir + +* Tue Oct 19 2010 Karel Klic - 2.24-1 +- New upstream version. + +* Thu Mar 11 2010 Karel Klic - 2.23-4 +- Rebuilt for gdbm upgrade + +* Mon Mar 01 2010 Karel Klic - 2.23-3 +- /var/yp is owned by filesystem (#569382) + +* Mon Mar 01 2010 Karel Klic - 2.23-2 +- Added COPYING file to the package +- Removed Obsoletes: yppasswd +- Spec file cleanup + +* Wed Feb 24 2010 Karel Klic - 2.23-1 +- Updated to new upstream version +- Removed pidfile and nodbclose patches, as those were + merged by the upstream + +* Thu Jan 28 2010 Karel Klic - 2.21-4 +- Removed ypserv-2.21-iface.patch, because upstream refused to + merge it three times over 7 years. "Since this is + not supported by RPC (means portmapper still shows ypserv + for the other subnets and portmapper can forward requests + from other subnets via loopback), this will give quite some + unexpected behaviors and makes it pretty difficult to debug + such scenarios." + +* Wed Jan 27 2010 Karel Klic - 2.21-3 +- Added patch removing invalid ypdb_close call (#403621, #430902) + +* Thu Jan 21 2010 Karel Klic - 2.21-2 +- Added patch for rpc.ypxfrd to create a pid file +- Rewrote initscripts to become closer to Packaging:SysVInitScript + Fedora guildeline +- Fixed initscript for ypserv (rhbz#523438) +- Fixed initscript for yppasswdd (rhbz#523394) +- Fixed initscript for ypxfrd (rhbz#523397) + +* Wed Jan 13 2010 Karel Klic - 2.21-1 +- Updated to new upstream version +- Removed ypserv-2.11-nomap.patch, it has been applied by upstream +- Removed ypserv-2.19-quieter.patch, it has been applied by upstream +- Removed ypserv-2.13-yplib-memleak.patch, upstream version fixes the problem +- Removed ypserv-2.19-debuginfo.patch, upstream version no longer needs it +- Ported -path, -iface patches to the new version + +* Thu Jan 7 2010 Karel Klic - 2.19-15 +- Removed Prereq use in the spec file +- Removed usage of RPM_SOURCE_DIR from the spec file + +* Tue Jan 5 2010 Karel Klic - 2.19-14 +- Removed --enable-yppasswd from configure, as this option is + ignored + +* Mon Jul 27 2009 Fedora Release Engineering - 2.19-13 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Tue Mar 3 2009 Vitezslav Crhonek - 2.19-12 +- Mark apropriate config files as noreplace + +* Wed Feb 25 2009 Fedora Release Engineering - 2.19-11 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Thu Sep 25 2008 Vitezslav Crhonek - 2.19-10 +- Rediff all patches to work with patch --fuzz=0 + +* Wed Feb 13 2008 Vitezslav Crhonek - 2.19-9 +- Mark /var/yp/Makefile as %%config(noreplace) + Resolves: #432582 +- Comment "slp" part of ypserv.conf to avoid ypserv warnings + Resolves: #154806 +- Spec file cleanup - remove period from end of Summary, + fix license, remove macros from Changelog + +* Mon Feb 4 2008 Vitezslav Crhonek - 2.19-8 +- Fix Buildroot +- Fix /var/yp/Makefile + Resolves: #431008 + +* Tue Jan 8 2008 Steve Dickson 2.19-7 +- Changed Makefiles.in so binaries are not stripped. + +* Sat Sep 15 2007 Steve Dickson 2.19-6 +- Fixed init scripts to return correct exit code on + 'service status' (bz 248097) + +* Tue Jul 31 2007 Steve Dickson 2.19-5 +- Changed install process to create an useful debuginfo package (bz 249961) + +* Fri Dec 22 2006 Steve Dickson - 2.19-4 +- Made ypserver less verbose on common errors (bz #199236) +- Don't allow a make for empty domainname's or domainname's set to (none) + (bz #197646) + +* Wed Sep 13 2006 Steve Dickson - 2.19-3 +- Added range checks to port values given on command line + (bz 205354) + +* Tue Jul 25 2006 Steve Dickson - 2.19-2 +- fixed typo in ypxfrd initscript (bz 185403) + +* Fri Jul 14 2006 Jesse Keating - 2.19-1 +- rebuild + +* Mon Feb 13 2006 Chris Feist - 2.19-0 +- Rebuilt against latest upstream sources (2.19). + +* Fri Feb 10 2006 Jesse Keating - 2.13-10.2 +- bump again for double-long bug on ppc(64) + +* Tue Feb 07 2006 Jesse Keating - 2.13-10.1 +- rebuilt for new gcc4.1 snapshot and glibc changes + +* Mon Jan 9 2006 Chris Feist - 2.13-10 +- Fix crash with ypxfr caused by failing to zero out data (bz #161217) + +* Wed Jan 4 2006 Jesse Keating - 2.13-6.2 +- rebuilt for new gcc + +* Thu Oct 14 2004 Miloslav Trmac - 2.13-5 +- Fix crash with -p (#134910, #129676) + +* Tue Aug 31 2004 Steve Dickson +- Zeroed out the ypxfr response buffer so allocated memory + is not freed with the transfer fails + +* Sat Jun 19 2004 Steve Dickson +- Closed a memory leak in GDBM database routines (bz 120980) + +* Tue Jun 15 2004 Elliot Lee +- rebuilt + +* Mon May 17 2004 Thomas Woerner 2.13-1 +- compiling rpc.yppasswdd, rpc.ypxfrd, yppush and ypserv PIE + +* Fri Apr 16 2004 Steve Dickson +- Updated to 2.13 + +* Fri Apr 2 2004 Steve Dickson +- Change ypMakefile to create services.byservicename + maps correctly + +* Tue Mar 02 2004 Elliot Lee +- rebuilt + +* Tue Feb 24 2004 Phil Knirsch 2.12.1-1 +- Updated to latest upstream version. + +* Fri Feb 13 2004 Elliot Lee +- rebuilt + +* Mon Jan 19 2004 Phil Knirsch 2.11-1 +- Updated to latest upstream version. +- Dropped ypserv-2.8-echild.patch (not needed anymore). +- Fixed several other patches for new version. + +* Mon Sep 15 2003 Steve Dickson +- updated Release number for QU1 + +* Mon Sep 15 2003 Steve Dickson +- Recompiled for AS2.1 + +* Wed Sep 10 2003 Steve Dickson +- Added the --iface flag. + +* Wed Jun 04 2003 Elliot Lee +- rebuilt + +* Thu Apr 24 2003 Steve Dickson +- Update to 2.8 + +* Wed Jan 22 2003 Tim Powers +- rebuilt + +* Tue Nov 5 2002 Alexander Larsson 2.6-1 +- Updated to 2.6, allows you to disable db caching, bug #76618 + +* Mon Oct 7 2002 Alexander Larsson 2.5-2 +- Added comments to nfsnobody patch +- Corrected URL +- fixed missing %%doc file, bug #74060 + +* Thu Aug 15 2002 Alexander Larsson 2.5-1 +- Update to 2.5, fixes memleak +- remove manpage patch since it was already fixed upstream + +* Thu Aug 15 2002 Alexander Larsson +- Fix ypserv.conf manpage, bug #69785 +- Don't leak nfsnobody into nfs maps, bug #71515 + +* Thu Aug 8 2002 Alexander Larsson 2.3-3 +- Remove old broken triggers that are not needed anymore. Fixes #70612 + +* Fri Jun 21 2002 Tim Powers 2.3-2 +- automated rebuild + +* Tue Jun 11 2002 Alex Larsson 2.3-1 +- Updated to 2.3 from upstream. +- Removed patches that went in upstream. + +* Thu May 23 2002 Tim Powers +- automated rebuild + +* Tue Apr 16 2002 Alex Larsson 2.2-9 +- Removed my ypserv-2.2-services patch. According to thorsten + (yp maintainer) the key in services.byname actually + SHOULD be port/protocol. + +* Mon Apr 8 2002 Alex Larsson 2.2-8 +- Change the yppush patch to the patch from thorsten. + +* Fri Apr 5 2002 Alex Larsson 2.2-7 +- Added patch to fix yppush timeout errors (#62429) + +* Wed Mar 27 2002 Alex Larsson 2.2-6 +- Make yppasswdd source /etc/sysconf/yppasswd for options (#52253) + +* Mon Mar 25 2002 Alex Larsson 2.2-5 +- Add patch that fixes generation of services.byname. (#41851) +- Actually apply patch #5, seems like it got left out by misstake + +* Fri Mar 22 2002 Alex Larsson 2.2-4 +- Changed Copyright from GNU to GPL + +* Wed Jan 09 2002 Tim Powers +- automated rebuild + +* Sat Dec 08 2001 Florian La Roche +- fix restart initscript option #57129 +- add a "gawk" requires #57002 +- fix printcap bug #56993 +- fix ypxfrd init script #55234 + +* Wed Dec 05 2001 Florian La Roche +- update to 2.2 plus first official bug-fix + +* Sat Nov 17 2001 Florian La Roche +- update to version 2.1, adjust all patches + +* Mon Aug 27 2001 Florian La Roche +- set domainname if it is not yet set #52514 + +* Tue Jul 24 2001 Florian La Roche +- add gdbm-devel BuildReq #49767 +- add ypxfrd init script #44845 +- fix #44805 +- fix #20042, adding option to yppasswdd startup +- own /var/yp + +* Mon Jul 9 2001 Tim Powers +- added reload entry to initscript (same as restart) + +* Fri Jun 29 2001 Florian La Roche +- update to 1.3.12 + +* Wed Mar 28 2001 Florian La Roche +- do not require tcp_wrappers anymore + +* Thu Mar 15 2001 Philipp Knirsch +- Added missing make requirement + +* Tue Feb 27 2001 Preston Brown +- don't own dir /var/yp + +* Wed Jan 24 2001 Florian La Roche +- prepare for startup script translation + +* Thu Jan 11 2001 Bernhard Rosenkraenzer +- Start after netfs (#23527) + +* Wed Aug 16 2000 Than Ngo +- fix typo in startup script (Bug #15999) + +* Wed Jul 19 2000 Than Ngo +- inits back to rc.d/init.d, using service +- fix initscript again + +* Mon Jul 17 2000 Bill Nottingham +- move initscript back +- fix format syslog bug + +* Thu Jul 13 2000 Prospector +- automatic rebuild + +* Fri Jul 7 2000 Florian La Roche +- prereq /etc/init.d + +* Tue Jun 27 2000 Than Ngo +- /etc/rc.d/init.d -> /etc/init.d +- fix initscript + +* Sun Jun 18 2000 Than Ngo +- FHS fixes, +- fix docdir + +* Fri May 19 2000 Florian La Roche +- disable "netgrp" target in default all: (/var/yp/Makefile) + +* Thu May 18 2000 Florian La Roche +- update to 1.3.11 + +* Mon Mar 06 2000 Cristian Gafton +- add patch to avoid potential deadlock on the server (fix #9968) + +* Wed Feb 2 2000 Florian La Roche +- fix typo in %%triggerpostun + +* Mon Oct 25 1999 Bill Nottingham +- update to 1.3.9 +- use gdbm, move back to /usr/sbin + +* Tue Aug 17 1999 Bill Nottingham +- initscript munging +- ypserv goes on root partition + +* Fri Aug 13 1999 Cristian Gafton +- version 1.3.7 + +* Thu Jul 1 1999 Bill Nottingham +- start after network FS + +* Tue Jun 1 1999 Jeff Johnson +- update to 1.3.6.94. + +* Sun May 30 1999 Jeff Johnson +- improved daemonization. + +* Sat May 29 1999 Jeff Johnson +- fix buffer overflow in rpc.yppasswd (#3126). + +* Fri May 28 1999 Jeff Johnson +- update to 1.3.6.92. + +* Fri Mar 26 1999 Cristian Gafton +- version 1.3.6.91 + +* Sun Mar 21 1999 Cristian Gafton +- auto rebuild in the new build environment (release 4) + +* Mon Feb 8 1999 Bill Nottingham +- move to start before ypbind + +* Thu Dec 17 1998 Cristian Gafton +- build for glibc 2.1 +- upgraded to 1.3.5 + +* Tue Aug 4 1998 Jeff Johnson +- yppasswd.init: lock file must have same name as init.d script, not daemon + +* Sat Jul 11 1998 Cristian Gafton +- upgraded to 1.3.4 +- fixed the fubared Makefile +- link against gdbm instead of ndbm (it seems to work better) + +* Sat May 02 1998 Cristian Gafton +- upgraded to 1.3.1 +- enhanced init scripts + +* Fri May 01 1998 Jeff Johnson +- added triggerpostun +- Use libdb fro dbp_*(). + +* Fri Apr 24 1998 Prospector System +- translations modified for de, fr, tr + +* Mon Apr 13 1998 Cristian Gafton +- updated to 1.3.0 + +* Wed Dec 03 1997 Cristian Gafton +- updated to 1.2.5 +- added buildroot; updated spec file +- added yppasswdd init file + +* Tue Nov 04 1997 Erik Troan +- init script shouldn't set the domain name + +* Tue Oct 14 1997 Erik Troan +- supports chkconfig +- updated initscript for status and restart +- turned off in all runlevels, by default +- removed postinstall script which didn't do anything + +* Thu Oct 09 1997 Erik Troan +- added patch to build against later glibc + +* Mon Jul 21 1997 Erik Troan +- built against glibc + +* Wed Apr 23 1997 Erik Troan +- updated to 1.1.7. + +* Fri Mar 14 1997 Erik Troan +- Updated to ypserv 1.1.5, ported to Alpha (glibc). + +* Fri Mar 07 1997 Erik Troan +- Removed -pedantic which confuses the SPARC :-(