Hello community, here is the log from the commit of package xinetd for openSUSE:Factory checked in at 2013-04-24 16:14:48 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/xinetd (Old) and /work/SRC/openSUSE:Factory/.xinetd.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "xinetd", Maintainer is "[email protected]" Changes: -------- --- /work/SRC/openSUSE:Factory/xinetd/xinetd.changes 2013-04-05 17:21:59.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.xinetd.new/xinetd.changes 2013-04-24 16:14:50.000000000 +0200 @@ -1,0 +2,27 @@ +Fri Apr 19 12:38:35 UTC 2013 - [email protected] + +- update to 2.3.15 + * If the address we're binding to is a multicast address, do the multicast join. + * Merge the Fedora patch to turn off libwrap processing on tcp rpc services. + Patch xinetd-2.3.12-tcp_rpc.patch. + * Merge the Fedora patch to add labeled networking. + Patch xinetd-2.3.14-label.patch r1.4. + * Merge the Fedora patch to fix getpeercon() for labeled networking in MLS environments. + Patch xinetd-2.3.14-contextconf.patch r1.1 + * Merge the Fedora patch for int->ssize_t. Patch xinetd-2.3.14-ssize_t.patch r1.1 + * Change compiler flags, -Wconversion generates excessive and unnecessary + warnings with gcc, particularly all cases of ntohs(uint16_t). + http://gcc.gnu.org/bugzilla/show_bug.cgi?id=6614 Additionally add -Wno-unused + to prevent unnecessary warnings regarding unused function parameters when the + function is a callback conforming to a standard interface. + * Merge patch from Thomas Swan regarding CVE-2012-0862 +- merged the SUSE xinetd.conf with the upstream one + this changes default target for logging - now the syslog is used + instead of /var/log/xinetd.log + * xinetd-config.patch +- logrotate dependency has been dropped and config file is installed + in /usr/share/doc/packages/xinetd +- drop rc.xinetd and add xinetd.service instead +- add an entry to README.SUSE explaining the systemd socket activation + +------------------------------------------------------------------- Old: ---- README.SuSE rc.xinetd xinetd-2.3.14.tar.gz New: ---- README.SUSE xinetd-2.3.15.tar.gz xinetd-config.patch xinetd.service ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ xinetd.spec ++++++ --- /var/tmp/diff_new_pack.RPLuJW/_old 2013-04-24 16:14:51.000000000 +0200 +++ /var/tmp/diff_new_pack.RPLuJW/_new 2013-04-24 16:14:51.000000000 +0200 @@ -17,59 +17,50 @@ Name: xinetd -BuildRequires: autoconf -BuildRequires: tcpd-devel -PreReq: %insserv_prereq %fillup_prereq -Provides: inet-daemon -Requires: logrotate -Version: 2.3.14 +Version: 2.3.15 Release: 0 Url: http://www.xinetd.org/ Summary: An 'inetd' with Expanded Functionality License: SUSE-xinetd Group: Productivity/Networking/System Source0: http://www.xinetd.org/%{name}-%{version}.tar.gz -Source2: rc.xinetd -Source3: xinetd.conf -Source4: FAQ -Source5: README.SuSE -Source6: %{name}-service_files.tar.bz2 -Source7: logrotate -Patch: %{name}-%{version}-man.dif -Patch4: %{name}-%{version}-server_args-fix.diff -Patch5: %{name}-%{version}-strict-aliasing-fix.diff -Patch6: %{name}-%{version}-nodeadlock.diff -Patch8: %{name}-%{version}-pie.patch -Patch9: %{name}-%{version}-ipv6-ipv4-fallback.patch -Patch10: %{name}-%{version}-honour_disable.patch -Patch11: %{name}-%{version}-ident-bind.patch -Patch12: %{name}-%{version}-nodeadlock-revisited.patch +Source1: xinetd.service +Source2: FAQ +Source3: README.SUSE +Source4: %{name}-service_files.tar.bz2 +Source5: logrotate +Patch0: %{name}-2.3.14-man.dif +Patch4: %{name}-2.3.14-server_args-fix.diff +Patch5: %{name}-2.3.14-strict-aliasing-fix.diff +Patch6: %{name}-2.3.14-nodeadlock.diff +Patch8: %{name}-2.3.14-pie.patch +Patch9: %{name}-2.3.14-ipv6-ipv4-fallback.patch +Patch10: %{name}-2.3.14-honour_disable.patch +Patch11: %{name}-2.3.14-ident-bind.patch +Patch12: %{name}-2.3.14-nodeadlock-revisited.patch +#PATCH-FIX-SUSE: merge the SUSE's default xinetd.conf with upstream one +Patch13: xinetd-config.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build +BuildRequires: autoconf +BuildRequires: systemd +BuildRequires: tcpd-devel +%{systemd_requires} +Provides: inet-daemon + %description xinetd takes the abilities of inetd and appends additional functionality: - Access Control - - Prevention of 'denial of access' attacks - - Extensive logging abilities - - Clear configuration file - -Authors: --------- - Panagiotis Tsirigotis <[email protected]> - Rob Braun <[email protected]> - %prep -%setup -b 0 -T -D -a 6 -%patch -cp %{S:4} . -cp %{S:5} . +%setup -b 0 -T -D -a 4 +%patch0 %patch4 %patch5 %patch6 @@ -78,47 +69,60 @@ %patch10 %patch11 -p1 %patch12 -p1 +%patch13 -p1 + +# FAQ, README.SUSE and logrotate +cp %{SOURCE2} %{SOURCE3} %{SOURCE5} . %build autoconf -CFLAGS="$RPM_OPT_FLAGS -Wformat=2" ./configure --prefix=/usr \ - --sysconfdir=/etc \ +export CFLAGS="$RPM_OPT_FLAGS -Wformat=2" +./configure \ + --prefix=%{_prefix} \ + --sysconfdir=%{_sysconfdir} \ --mandir=%{_mandir}\ --with-loadavg \ --with-libwrap + make %{?_smp_mflags} %install -install -d -m 755 $RPM_BUILD_ROOT/etc/{init.d,logrotate.d} -install -d -m 755 $RPM_BUILD_ROOT/%{_mandir} -make install DAEMONDIR=$RPM_BUILD_ROOT/usr/sbin MANDIR=${RPM_BUILD_ROOT}/%{_mandir} -install -m 644 %{S:3} $RPM_BUILD_ROOT/etc/xinetd.conf -cp -a etc $RPM_BUILD_ROOT -install -m 755 %{S:2} $RPM_BUILD_ROOT/etc/init.d/xinetd -ln -sf ../../etc/init.d/xinetd $RPM_BUILD_ROOT/usr/sbin/rcxinetd -install -m 644 %{S:7} $RPM_BUILD_ROOT/etc/logrotate.d/xinetd +install -d -m 755 %{buildroot}%{_mandir} +make install DAEMONDIR=%{buildroot}%{_sbindir} MANDIR=${RPM_BUILD_ROOT}/%{_mandir} + +#config file and initial services +install -d -m 0755 %{buildroot}%{_sysconfdir} +install -m 644 contrib/%{name}.conf %{buildroot}%{_sysconfdir}/%{name}.conf +cp -a etc %{buildroot} + +#xinetd.service +install -d -m 0755 %{buildroot}%{_unitdir} +install -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name}.service +ln -sf ../../sbin/service %{buildroot}%{_sbindir}/rc%{name} + +%pre +%service_add_pre %{name}.service %post -%{fillup_and_insserv xinetd} +%service_add_post %{name}.service %preun +if [ -x /etc/init.d/%{name} ]; then %stop_on_removal xinetd +fi +%service_del_preun %{name}.service %postun -%restart_on_update xinetd -%{insserv_cleanup} - -%clean -[ -d %{buildroot} -a "%{buildroot}" != "" ] && rm -rf %{buildroot} +%service_del_postun %{name}.service %files %defattr(-,root,root) -%doc README CHANGELOG COPYRIGHT FAQ README.SuSE -%doc %{_mandir}/*/* -%config(noreplace) /etc/logrotate.d/xinetd -/etc/xinetd.d/* -/usr/sbin/* -/etc/init.d/xinetd -%config(noreplace) /etc/xinetd.conf +%doc README CHANGELOG COPYRIGHT FAQ README.SUSE logrotate +%doc %{_mandir}/man5/%{name}.conf.* +%doc %{_mandir}/man8/* +%config(noreplace) %{_sysconfdir}/xinetd.d/* +%config(noreplace) %{_sysconfdir}/%{name}.conf +%{_sbindir}/* +%{_unitdir}/%{name}.service %changelog ++++++ README.SUSE ++++++ # Merged IPv4 and IPv6 support Since 2.3.4 has xinetd merged IPv4 and IPv6 support. It means that it is possible to use both protocols simultaneously. xined is compiled to use IPv4 by default. IPv6 must be enabled for each service in configuration file, see man xinetd.conf. Since 2.3.14 in SUSE, xinetd can create services that use either IPv6 or IPv4, depending on the IPv6 support by the system. See man xinetd.conf as well. Xinetd was patched to honour disable line in service configuration files (stored in /etc/xinetd.d). Xinetd now aborts parsing of the config file as soon as it reads the line "disable = yes". This was made to prevent Xinetd from dropping warnings into logs which where not relevant. Futher information can be found at: https://bugzilla.novell.com/show_bug.cgi?id=254613 # Systemd SUSE distributions uses systemd as a default init system. It provides a xinetd-like capability called socket activation, where services are spawned once underlying socket get an incoming connection. ## Example of socket activation The xinetd configuration for ftp daemon /etc/xinetd.d/ftp service ftp { socket_type = stream protocol = tcp wait = no user = root server = /usr/sbin/ftpd } This is an equvalent socket unit ftp.socket [Unit] Description=FTP Server socket [Socket] ListenStream=21 #service is spawned for each incoming connection in inetd-style #Accept=true # Those two lines will ensure the ftp.socket will be created on a system boot [Install] WantedBy=sockets.target ftpd.service [Unit] Description=FTP Server service [Service] ExecStart=/usr/bin/ftpd # not needed in case, .service and .socket units has the same name Sockets=ftp.socket Then you need to enable socket # systemctl enable ftp.socket Start it (will be done on next boot if enabled before) # systemctl start ftp.socket And server can be started manually by # systemctl enable ftp.service Status of .socket and .service can be checked using systemctl status ftp.(socket|service) Please consult systemd.socket(5), systemd.exec(5), systemd.service(5) and systemd.unit(5) for detailed information about all options provided by systemd. Your SUSE Team ++++++ xinetd-2.3.14-ipv6-ipv4-fallback.patch ++++++ --- /var/tmp/diff_new_pack.RPLuJW/_old 2013-04-24 16:14:51.000000000 +0200 +++ /var/tmp/diff_new_pack.RPLuJW/_new 2013-04-24 16:14:51.000000000 +0200 @@ -1,6 +1,8 @@ ---- xinetd/confparse.c +Index: xinetd/confparse.c +=================================================================== +--- xinetd/confparse.c.orig +++ xinetd/confparse.c -@@ -544,10 +544,9 @@ +@@ -544,10 +544,9 @@ static status_e service_attr_check( stru } if( SC_IPV4( scp ) && SC_IPV6( scp ) ) { @@ -13,9 +15,11 @@ } /* ---- xinetd/service.c +Index: xinetd/service.c +=================================================================== +--- xinetd/service.c.orig +++ xinetd/service.c -@@ -322,12 +322,29 @@ +@@ -336,12 +336,29 @@ status_e svc_activate( struct service *s return( OK ); } @@ -46,105 +50,131 @@ } if ( SVC_FD(sp) == -1 ) ---- etc/xinetd.d/chargen +Index: etc/xinetd.d/chargen +=================================================================== +--- etc/xinetd.d/chargen.orig +++ etc/xinetd.d/chargen -@@ -10,4 +10,5 @@ +@@ -10,4 +10,5 @@ service chargen user = root wait = no disable = yes + FLAGS = IPv6 IPv4 } ---- etc/xinetd.d/chargen-udp +Index: etc/xinetd.d/chargen-udp +=================================================================== +--- etc/xinetd.d/chargen-udp.orig +++ etc/xinetd.d/chargen-udp -@@ -11,4 +11,5 @@ +@@ -11,4 +11,5 @@ service chargen wait = yes disable = yes port = 19 + FLAGS = IPv6 IPv4 } ---- etc/xinetd.d/daytime +Index: etc/xinetd.d/daytime +=================================================================== +--- etc/xinetd.d/daytime.orig +++ etc/xinetd.d/daytime -@@ -10,4 +10,5 @@ +@@ -10,4 +10,5 @@ service daytime user = root wait = no disable = yes + FLAGS = IPv6 IPv4 } ---- etc/xinetd.d/daytime-udp +Index: etc/xinetd.d/daytime-udp +=================================================================== +--- etc/xinetd.d/daytime-udp.orig +++ etc/xinetd.d/daytime-udp -@@ -11,4 +11,5 @@ +@@ -11,4 +11,5 @@ service daytime wait = yes disable = yes port = 13 + FLAGS = IPv6 IPv4 } ---- etc/xinetd.d/discard +Index: etc/xinetd.d/discard +=================================================================== +--- etc/xinetd.d/discard.orig +++ etc/xinetd.d/discard -@@ -10,4 +10,5 @@ +@@ -10,4 +10,5 @@ service discard user = root wait = no disable = yes + FLAGS = IPv6 IPv4 } ---- etc/xinetd.d/discard-udp +Index: etc/xinetd.d/discard-udp +=================================================================== +--- etc/xinetd.d/discard-udp.orig +++ etc/xinetd.d/discard-udp -@@ -11,4 +11,5 @@ +@@ -11,4 +11,5 @@ service discard wait = yes disable = yes port = 9 + FLAGS = IPv6 IPv4 } ---- etc/xinetd.d/echo +Index: etc/xinetd.d/echo +=================================================================== +--- etc/xinetd.d/echo.orig +++ etc/xinetd.d/echo -@@ -10,4 +10,5 @@ +@@ -10,4 +10,5 @@ service echo user = root wait = no disable = yes + FLAGS = IPv6 IPv4 } ---- etc/xinetd.d/echo-udp +Index: etc/xinetd.d/echo-udp +=================================================================== +--- etc/xinetd.d/echo-udp.orig +++ etc/xinetd.d/echo-udp -@@ -11,4 +11,5 @@ +@@ -11,4 +11,5 @@ service echo wait = yes disable = yes port = 7 + FLAGS = IPv6 IPv4 } ---- etc/xinetd.d/servers +Index: etc/xinetd.d/servers +=================================================================== +--- etc/xinetd.d/servers.orig +++ etc/xinetd.d/servers -@@ -10,4 +10,5 @@ +@@ -10,4 +10,5 @@ service servers wait = no disable = yes only_from = 127.0.0.1 + FLAGS = IPv6 IPv4 } ---- etc/xinetd.d/services +Index: etc/xinetd.d/services +=================================================================== +--- etc/xinetd.d/services.orig +++ etc/xinetd.d/services -@@ -10,4 +10,5 @@ +@@ -10,4 +10,5 @@ service services wait = no disable = yes only_from = 127.0.0.1 + FLAGS = IPv6 IPv4 } ---- etc/xinetd.d/time +Index: etc/xinetd.d/time +=================================================================== +--- etc/xinetd.d/time.orig +++ etc/xinetd.d/time -@@ -11,4 +11,5 @@ +@@ -11,4 +11,5 @@ service time user = root wait = no disable = yes + FLAGS = IPv6 IPv4 } ---- etc/xinetd.d/time-udp +Index: etc/xinetd.d/time-udp +=================================================================== +--- etc/xinetd.d/time-udp.orig +++ etc/xinetd.d/time-udp -@@ -11,4 +11,5 @@ +@@ -11,4 +11,5 @@ service time wait = yes disable = yes port = 37 + FLAGS = IPv6 IPv4 } ---- xinetd/xinetd.conf.man +Index: xinetd/xinetd.conf.man +=================================================================== +--- xinetd/xinetd.conf.man.orig +++ xinetd/xinetd.conf.man -@@ -142,6 +142,10 @@ +@@ -144,6 +144,10 @@ Sets the service to be an IPv4 service ( .TP .B IPv6 Sets the service to be an IPv6 service (AF_INET6), if IPv6 is available on the system. @@ -153,5 +183,5 @@ +fails (ie. the operating system doesn't have IPv6 support), it will create an +IPv4 service. .TP - .B REUSE - The REUSE flag is deprecated. All services now implicitly use the REUSE flag. + .B LABELED + The LABELED flag will tell xinetd to change the child processes SE Linux context to match that of the incoming connection as it starts the service. This only works for external tcp non-waiting servers and is an error if applied to an internal, udp, or tcp-wait server. ++++++ xinetd-2.3.14-pie.patch ++++++ --- /var/tmp/diff_new_pack.RPLuJW/_old 2013-04-24 16:14:51.000000000 +0200 +++ /var/tmp/diff_new_pack.RPLuJW/_new 2013-04-24 16:14:51.000000000 +0200 @@ -1,6 +1,8 @@ ---- xinetd/Makefile.in.pie 2003-06-07 09:47:24.000000000 -0700 -+++ xinetd/Makefile.in 2003-10-28 10:59:55.000000000 -0800 -@@ -119,7 +119,7 @@ +Index: xinetd/Makefile.in +=================================================================== +--- xinetd/Makefile.in.orig ++++ xinetd/Makefile.in +@@ -119,7 +119,7 @@ itox: itox.c $(CC) $(CFLAGS) $(DEBUG) $(SRCDIR)/itox.c -o $@ $(LDFLAGS) $(LIBS) xinetd: $(OBJS) @@ -9,14 +11,16 @@ clean: rm -f $(OBJS) $(NAME) core itox ---- Makefile.in.pie 2003-10-28 10:54:39.000000000 -0800 -+++ Makefile.in 2003-10-28 10:54:39.000000000 -0800 -@@ -14,7 +14,7 @@ +Index: Makefile.in +=================================================================== +--- Makefile.in.orig ++++ Makefile.in +@@ -14,7 +14,7 @@ topdir = @top_srcdir@ LIBS = -lsio -lstr -lmisc -lxlog -lportable -lpset @LIBS@ -CFLAGS += @CFLAGS@ +CFLAGS += @CFLAGS@ -fPIE - DCFLAGS = -Wall -Wredundant-decls -W -Wfloat-equal -Wundef -Wcast-qual -Wwrite-strings -Wconversion -Wmissing-noreturn -Wmissing-format-attribute -Wshadow -Wpointer-arith -g + DCFLAGS = -Wall -Wredundant-decls -W -Wfloat-equal -Wundef -Wcast-qual -Wwrite-strings -Wmissing-noreturn -Wmissing-format-attribute -Wshadow -Wpointer-arith -Wno-unused -g ++++++ xinetd-2.3.14.tar.gz -> xinetd-2.3.15.tar.gz ++++++ ++++ 2119 lines of diff (skipped) ++++++ xinetd-config.patch ++++++ From: [email protected] Subject: Merge SUSE default config with upstream one SUSE have been providing own xinetd.conf, which is a bit different from upstream. This patch merges almost all features of old default configuration, except the default log_type is SYSLOG instead of a file. That means all xinetd instances start to use syslog by default. --- contrib/xinetd.conf | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) Index: xinetd-2.3.15/contrib/xinetd.conf =================================================================== --- xinetd-2.3.15.orig/contrib/xinetd.conf +++ xinetd-2.3.15/contrib/xinetd.conf @@ -13,20 +13,31 @@ defaults # enabled = # disabled = +# Previous default in SUSE - please don't forget to use the logrotate. The +# sample configuration is in /usr/share/packages/doc/xinetd/logrotate +# log_type = FILE /var/log/xinetd.log + # Define general logging characteristics. log_type = SYSLOG daemon info - log_on_failure = HOST - log_on_success = PID HOST DURATION EXIT + log_on_failure = HOST ATTEMPT + log_on_success = HOST EXIT DURATION # Define access restriction defaults # # no_access = -# only_from = +# only_from = localhost # max_load = 0 cps = 50 10 - instances = 50 + instances = 30 per_source = 10 +# +# The specification of an interface is interesting, if we are on a firewall. +# For example, if you only want to provide services from an internal +# network interface, you may specify your internal interfaces IP-Address. +# +# bind = 127.0.0.1 + # Address and networking defaults # # bind = ++++++ xinetd.conf ++++++ --- /var/tmp/diff_new_pack.RPLuJW/_old 2013-04-24 16:14:52.000000000 +0200 +++ /var/tmp/diff_new_pack.RPLuJW/_new 2013-04-24 16:14:52.000000000 +0200 @@ -7,7 +7,7 @@ defaults { - log_type = FILE /var/log/xinetd.log + log_type = SYSLOG /var/log/xinetd.log log_on_success = HOST EXIT DURATION log_on_failure = HOST ATTEMPT # only_from = localhost ++++++ xinetd.service ++++++ [Unit] Description=Xinetd A Powerful Replacement For Inetd [Service] Type=simple ExecStart=/usr/sbin/xinetd -stayalive -dontfork ExecReload=/usr/bin/kill -HUP $MAINPID [Install] WantedBy=multi-user.target -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
