commit
ccf2a46d18
@ -0,0 +1 @@
|
||||
1a508618ce847ffd0b00a4341cbcb8b310f845e9 SOURCES/authd-1.4.4.tar.gz
|
@ -0,0 +1 @@
|
||||
SOURCES/authd-1.4.4.tar.gz
|
@ -0,0 +1,9 @@
|
||||
[Unit]
|
||||
Description=Authd Activation Socket
|
||||
|
||||
[Socket]
|
||||
ListenStream=113
|
||||
Accept=true
|
||||
|
||||
[Install]
|
||||
WantedBy=sockets.target
|
@ -0,0 +1,8 @@
|
||||
[Unit]
|
||||
Description=Authd Ident Protocol Requests Server
|
||||
After=local-fs.target
|
||||
|
||||
[Service]
|
||||
User=ident
|
||||
ExecStart=/usr/sbin/in.authd -t60 --xerror --os -E
|
||||
StandardInput=socket
|
@ -0,0 +1,36 @@
|
||||
diff --git a/authd.c b/authd.c
|
||||
index a2072de..07c6f0d 100644
|
||||
--- a/authd.c
|
||||
+++ b/authd.c
|
||||
@@ -539,7 +538,9 @@ static char *get_created_tok_addr(const char *peer_addr_hex) {
|
||||
}
|
||||
// hex addr must have even number of digits
|
||||
if ((int) z & 1) {
|
||||
- errno = EINVAL; return NULL;
|
||||
+ free(addr);
|
||||
+ errno = EINVAL;
|
||||
+ return NULL;
|
||||
}
|
||||
while (z > 1) {
|
||||
unsigned long ul; char *endptr;
|
||||
@@ -548,7 +549,9 @@ static char *get_created_tok_addr(const char *peer_addr_hex) {
|
||||
addr_hex[z] = '\0'; z -= HEX_DIG;
|
||||
ul = strtoul(addr_hex + z, &endptr, 16);
|
||||
if (is_bad_strto(addr_hex + z, endptr)) {
|
||||
- errno = EINVAL; return NULL;
|
||||
+ free(addr);
|
||||
+ errno = EINVAL;
|
||||
+ return NULL;
|
||||
}
|
||||
if ((!IS_IPV4 || 6 == z) && is_16_bits)
|
||||
*p++ = ':';
|
||||
@@ -809,7 +812,7 @@ static bool initialize_crypto(crypto_t *x, const char *filename) {
|
||||
const EVP_MD *const HASH = EVP_md5(); // openssl compat: enc -pass
|
||||
const size_t KEY_SIZE = EVP_CIPHER_key_length(x->cipher);
|
||||
const size_t IV_SIZE = EVP_CIPHER_iv_length(x->cipher);
|
||||
- char *pass = NULL; size_t z = 0;
|
||||
+ unsigned char *pass = NULL; size_t z = 0;
|
||||
|
||||
if (!S_ISREG(file.st_mode)) return false; // no dirs, devs, etc.
|
||||
if (file.st_mode & (S_IROTH | S_IWOTH)) return false; // no ------rw-
|
||||
|
@ -0,0 +1,92 @@
|
||||
%global _hardened_build 1
|
||||
|
||||
Summary: A RFC 1413 ident protocol daemon
|
||||
Name: authd
|
||||
Version: 1.4.4
|
||||
Release: 5%{?dist}.1
|
||||
License: GPLv2+
|
||||
URL: https://github.com/InfrastructureServices/authd
|
||||
Obsoletes: pidentd < 3.2
|
||||
Provides: pidentd = 3.2
|
||||
Requires(post): openssl
|
||||
Source0: https://github.com/InfrastructureServices/authd/releases/download/v1.4.4/authd-1.4.4.tar.gz
|
||||
Source1: auth.socket
|
||||
Source2: auth@.service
|
||||
BuildRequires: gcc
|
||||
BuildRequires: openssl-devel gettext help2man systemd-units
|
||||
Requires(post): systemd-units
|
||||
Requires(preun): systemd-units
|
||||
Requires(postun): systemd-units
|
||||
|
||||
Patch0: authd-covscan.patch
|
||||
|
||||
%description
|
||||
authd is a small and fast RFC 1413 ident protocol daemon
|
||||
with both xinetd server and interactive modes that
|
||||
supports IPv6 and IPv4 as well as the more popular features
|
||||
of pidentd.
|
||||
|
||||
%prep
|
||||
%autosetup
|
||||
|
||||
%build
|
||||
make prefix=%{_prefix} CFLAGS="%{optflags}" \
|
||||
LDFLAGS="-lcrypto %{build_ldflags}"
|
||||
|
||||
%install
|
||||
%make_install datadir=%{buildroot}/%{_datadir} \
|
||||
sbindir=%{buildroot}/%{_sbindir}
|
||||
|
||||
install -d %{buildroot}%{_unitdir}/
|
||||
install -m 644 %{SOURCE1} %{buildroot}%{_unitdir}/
|
||||
install -m 644 %{SOURCE2} %{buildroot}%{_unitdir}/
|
||||
|
||||
install -d %{buildroot}%{_sysconfdir}/
|
||||
touch %{buildroot}%{_sysconfdir}/ident.key
|
||||
|
||||
install -d %{buildroot}/%{_mandir}/man1/
|
||||
help2man -N -v -V %{buildroot}/%{_sbindir}/in.authd -o \
|
||||
%{buildroot}/%{_mandir}/man1/in.authd.1
|
||||
|
||||
%find_lang %{name}
|
||||
|
||||
%post
|
||||
/usr/sbin/adduser -s /sbin/nologin -u 98 -r -d '/' ident 2>/dev/null || true
|
||||
/usr/bin/openssl rand -base64 -out %{_sysconfdir}/ident.key 32
|
||||
echo CHANGE THE LINE ABOVE TO A PASSPHRASE >> %{_sysconfdir}/ident.key
|
||||
/bin/chown ident:ident %{_sysconfdir}/ident.key
|
||||
chmod o-rw %{_sysconfdir}/ident.key
|
||||
%systemd_post auth.socket
|
||||
|
||||
%postun
|
||||
%systemd_postun_with_restart auth.socket
|
||||
|
||||
%preun
|
||||
%systemd_preun auth.socket
|
||||
|
||||
%files -f authd.lang
|
||||
%license COPYING
|
||||
%verify(not md5 size mtime user group) %config(noreplace) %attr(640,root,root) %{_sysconfdir}/ident.key
|
||||
%doc COPYING README.html rfc1413.txt
|
||||
%{_sbindir}/in.authd
|
||||
%{_mandir}/*/*
|
||||
%{_unitdir}/*
|
||||
|
||||
%changelog
|
||||
* Wed Jul 17 2019 Pavel Zhukov <pzhukov@redhat.com> - 1.4.4-5.1
|
||||
- Resolves: #1722492 - Partially revert covscan fix
|
||||
|
||||
* Mon Feb 18 2019 Pavel Zhukov <pzhukov@redhat.com> - 1.4.4-5
|
||||
- Related: #1642073 - Properly pass hardened ld flags
|
||||
- Fix covscan reported errors
|
||||
|
||||
* Sun Feb 17 2019 Pavel Zhukov <pzhukov@redhat.com> - 1.4.4-2
|
||||
- Related: #1642073 - Rebuild with RHEL CFLAGS
|
||||
- Enabled hardered build
|
||||
|
||||
* Tue Feb 12 2019 Pavel Zhukov <pzhukov@redhat.com> - 1.4.4-1
|
||||
- Import from Fedora
|
||||
- New release (v1.4.4)
|
||||
- New upstream URL
|
||||
|
||||
|
Loading…
Reference in new issue