
No commits in common. 'c8' and 'c9' have entirely different histories.
c8 ... c9

@ -0,0 +1,70 @@
From 754ea50b570f72609b1931883bf9908d70ead089 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Mon, 19 Apr 2021 11:35:26 -0400
Subject: [PATCH 3/3] Port to libidn2
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
---
configure.ac | 20 ++++++++++----------
src/lib/hesiod.c | 7 +++----
2 files changed, 13 insertions(+), 14 deletions(-)
diff --git a/configure.ac b/configure.ac
index 9098afa..792345a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -29,16 +29,16 @@ AC_PROG_LIBTOOL
# Checks for libraries.
hesiod_save_LIBS="$LIBS"
LIBS=
-AC_ARG_WITH([libidn],
- [AS_HELP_STRING([--with-libidn], [Support IDN (needs GNU libidn) @<:@check@:>@])],
- [with_libidn="$withval"],
- [with_libidn="check"])
-AS_IF([test x"$with_libidn" != xno],
- [AC_SEARCH_LIBS([stringprep_check_version], [idn],
- [AC_DEFINE([HAVE_LIBIDN], [1], [Define if libidn is available.])],
- [AS_IF([test x"$with_idn" = xcheck],
- [AC_MSG_WARN([Unable to find libidn.])],
- [AC_MSG_ERROR([--with-libidn was given but libidn was not found.])])])])
+AC_ARG_WITH([libidn2],
+ [AS_HELP_STRING([--with-libidn2], [Support IDN2 (needs libidn2) @<:@check@:>@])],
+ [with_libidn2="$withval"],
+ [with_libidn2="check"])
+AS_IF([test x"$with_libidn2" != xno],
+ [AC_SEARCH_LIBS([idn2_to_ascii_8z], [idn2],
+ [AC_DEFINE([HAVE_LIBIDN2], [1], [Define if libidn2 is available.])],
+ [AS_IF([test x"$with_idn2" = xcheck],
+ [AC_MSG_WARN([Unable to find libidn2.])],
+ [AC_MSG_ERROR([--with-libidn2 was given but libidn2 was not found.])])])])
AC_CHECK_LIB([resolv], [res_mkquery], [], [
AC_MSG_CHECKING([if res_mkquery is provided by libresolv with mangled symbols])
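Review bot: The inner `AS_IF` tests `x"$with_idn2"`, but the variable set by `AC_ARG_WITH` above is `with_libidn2`, so the comparison with `xcheck` can never succeed. In the default "check" mode, a system without libidn2 therefore falls into `AC_MSG_ERROR` with the misleading "--with-libidn2 was given" message instead of the intended warning. The same mismatch (`with_idn` versus `with_libidn`) is visible in the removed lines, so it was carried over by the rename. The line should read `[AS_IF([test x"$with_libidn2" = xcheck],`.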
diff --git a/src/lib/hesiod.c b/src/lib/hesiod.c
index e69a8ca..3745d69 100644
--- a/src/lib/hesiod.c
+++ b/src/lib/hesiod.c
@@ -70,9 +70,8 @@ static const char rcsid[] = "$Id: hesiod.c,v 1.30 2002-04-03 21:40:55 ghudson Ex
#include <string.h>
#include <unistd.h>
#include <ctype.h>
-#ifdef HAVE_LIBIDN
-#include <idna.h>
-#include <idn-free.h>
+#ifdef HAVE_LIBIDN2
+#include <idn2.h>
#endif
#include "hesiod.h"
@@ -233,7 +232,7 @@ char *hesiod_to_bind(void *context, const char *name, const char *type)
hesiod_free_list(context, rhs_list);
/* Make a copy of the result and return it to the caller. */
-#ifdef HAVE_LIBIDN
+#ifdef HAVE_LIBIDN2
rc = idna_to_ascii_lz(bindname, &idn_ret, 0);
if (rc != IDNA_SUCCESS)
{
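Review bot: Under `HAVE_LIBIDN2` the guarded code still calls `idna_to_ascii_lz()` and compares against `IDNA_SUCCESS`, which are libidn names. This only builds if `<idn2.h>` supplies its libidn compatibility macros, which I believe it does, though that header is not visible here. The configure check probes a different symbol, `idn2_to_ascii_8z`, so the dependency is implicit. I would add a comment above the call such as `/* idna_* names resolve through the libidn compatibility macros in <idn2.h>. */`, or call the `idn2_*` function and `IDN2_OK` directly. The body of hesiod_to_bind continues outside the hunk, so the matching free of `idn_ret` cannot be checked from here.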
--
2.31.0

@ -0,0 +1,70 @@
From 91e404cce156bcf74942309a7003fa0dc60b8258 Mon Sep 17 00:00:00 2001
From: Nalin Dahyabhai <nalin@redhat.com>
Date: Tue, 3 May 2016 13:34:32 -0400
Subject: [PATCH 2/3] Remove hard-coded defaults for LHS and RHS
Don't fall back to using a default LHS or RHS when the configuration
file can't be read. Instead, return an error.
Original report from https://bugzilla.redhat.com/show_bug.cgi?id=1332493
(cherry picked from commit 247e2ce1f2aff40040657acaae7f1a1d673d6618)
---
src/lib/Makefile.am | 2 +-
src/lib/hesiod.c | 21 +--------------------
2 files changed, 2 insertions(+), 21 deletions(-)
diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am
index d092565..e6324b1 100644
--- a/src/lib/Makefile.am
+++ b/src/lib/Makefile.am
@@ -15,7 +15,7 @@ noinst_PROGRAMS = hestest
hestest_SOURCES = hestest.c
hestest_LDADD = libhesiod.la
-TESTS_ENVIRONMENT = ./hestest
+TESTS_ENVIRONMENT = HESIOD_CONFIG=$(srcdir)/hesiod.conf.sample ./hestest
TESTS = hestest.conf
EXTRA_DIST = hesiod.conf.sample hestest.conf
diff --git a/src/lib/hesiod.c b/src/lib/hesiod.c
index 2738713..e69a8ca 100644
--- a/src/lib/hesiod.c
+++ b/src/lib/hesiod.c
@@ -81,10 +81,6 @@ static const char rcsid[] = "$Id: hesiod.c,v 1.30 2002-04-03 21:40:55 ghudson Ex
#define T_TXT 16
#endif
-/* Defaults if the configuration file is not present. */
-#define DEF_RHS ".athena.mit.edu"
-#define DEF_LHS ".ns"
-
/* Maximum size of a Hesiod response from the DNS. */
#define MAX_HESRESP 1024
@@ -301,22 +297,7 @@ static int read_config_file(struct hesiod_p *ctx, const char *filename)
/* Try to open the configuration file. */
fp = fopen(filename, "r");
if (!fp)
- {
- /* Use compiled in default domain names. */
- ctx->lhs = malloc(strlen(DEF_LHS) + 1);
- ctx->rhs = malloc(strlen(DEF_RHS) + 1);
- if (ctx->lhs && ctx->rhs)
- {
- strcpy(ctx->lhs, DEF_LHS);
- strcpy(ctx->rhs, DEF_RHS);
- return 0;
- }
- else
- {
- errno = ENOMEM;
- return -1;
- }
- }
+ return -1;
ctx->lhs = NULL;
ctx->rhs = NULL;
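Review bot: The new `return -1;` on `fopen()` failure runs before `ctx->lhs = NULL;` and `ctx->rhs = NULL;`, so on this path both fields keep whatever the caller's allocation contained. The removed branch always assigned them. If the caller's error path tests or frees these fields (that code is outside this hunk), it would act on indeterminate pointers. Moving the two assignments above the `fopen()` call keeps the fail-closed behaviour and leaves the context in a defined state. The body of read_config_file starts and ends outside the hunk.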
--
2.31.0

@ -0,0 +1,78 @@
From bb33136afa333268705c26e4f7e75b93e88db9bd Mon Sep 17 00:00:00 2001
From: Nalin Dahyabhai <nalin@redhat.com>
Date: Tue, 3 May 2016 13:32:25 -0400
Subject: [PATCH 1/3] Use secure_getenv() when it's available
Factor out logic that attempts to only consult the environment when it's
safe to do so into its own function, and use secure_getenv() instead of
getenv() if it's available. Original report from
https://bugzilla.redhat.com/show_bug.cgi?id=1332508
(cherry picked from commit 39b21dac9bc6473365de04d94be0da94941c7c73)
---
configure.ac | 3 ++-
src/lib/hesiod.c | 15 +++++++++++++--
2 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/configure.ac b/configure.ac
index e5e94d4..9098afa 100644
--- a/configure.ac
+++ b/configure.ac
@@ -9,6 +9,7 @@ m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
AC_CONFIG_MACRO_DIR([m4])
AC_CONFIG_SRCDIR([src/lib/hesiod.h])
AC_CONFIG_HEADERS([config.h])
+AC_USE_SYSTEM_EXTENSIONS
# Checks for programs.
AC_PROG_CC
@@ -80,7 +81,7 @@ AC_EGREP_HEADER([pw_expire], [pwd.h],
# Checks for library functions.
AC_FUNC_MALLOC
AC_FUNC_REALLOC
-AC_CHECK_FUNCS([strchr strdup])
+AC_CHECK_FUNCS([strchr strdup secure_getenv])
AC_CONFIG_FILES([
Makefile
diff --git a/src/lib/hesiod.c b/src/lib/hesiod.c
index c96aebe..2738713 100644
--- a/src/lib/hesiod.c
+++ b/src/lib/hesiod.c
@@ -99,6 +99,17 @@ static int read_config_file(struct hesiod_p *ctx, const char *filename);
static char **get_txt_records(struct hesiod_p *ctx, const char *name);
static int cistrcmp(const char *s1, const char *s2);
+static const char *hesiod_getenv(const char *e)
+{
+ if ((getuid() != geteuid()) || (getgid() != getegid()))
+ return NULL;
+#ifdef HAVE_SECURE_GETENV
+ return secure_getenv(e);
+#else
+ return getenv(e);
+#endif
+}
+
/* This function is called to initialize a hesiod_p. */
int hesiod_init(void **context)
{
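Review bot: In `hesiod_getenv()` the `#else` branch still guards `getenv()` only with the uid/gid comparison, so builds without `secure_getenv()` keep the check that the spec changelog calls the "weak SUID check". That comparison would not catch privilege gained by other means, such as file capabilities. The function also has no comment; I would add `/* Return the value of e, or NULL when the process may be running with elevated privilege. Without secure_getenv() only setuid/setgid execution is detected. */`. Separately, `secure_getenv()` is only declared when `_GNU_SOURCE` is defined, which relies on `config.h` (with `AC_USE_SYSTEM_EXTENSIONS`) being included before the system headers. That include order is outside the hunk and worth confirming.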
@@ -109,13 +120,13 @@ int hesiod_init(void **context)
if (ctx)
{
*context = ctx;
- configname = ((getuid() == geteuid()) && (getgid() == getegid())) ? getenv("HESIOD_CONFIG") : NULL;
+ configname = hesiod_getenv("HESIOD_CONFIG");
if (!configname)
configname = SYSCONFDIR "/hesiod.conf";
if (read_config_file(ctx, configname) >= 0)
{
/* The default rhs can be overridden by an environment variable. */
- p = ((getuid() == geteuid()) && (getgid() == getegid())) ? getenv("HES_DOMAIN") : NULL;
+ p = hesiod_getenv("HES_DOMAIN");
if (p)
{
if (ctx->rhs)
--
2.31.0

@ -1,19 +1,25 @@
Name: hesiod Name: hesiod
Version: 3.2.1 Version: 3.2.1
Release: 11%{?dist} Release: 16%{?dist}
License: MIT License: MIT
Summary: Shared libraries for querying the Hesiod naming service Summary: Shared libraries for querying the Hesiod naming service
Source: ftp://athena-dist.mit.edu/pub/ATHENA/hesiod/hesiod-%{version}.tar.gz Source: ftp://athena-dist.mit.edu/pub/ATHENA/hesiod/hesiod-%{version}.tar.gz
BuildRequires: autoconf, automake, libtool, libidn-devel Patch0: Use-secure_getenv-when-it-s-available.patch
Patch1: Remove-hard-coded-defaults-for-LHS-and-RHS.patch
Patch2: Port-to-libidn2.patch
BuildRequires: autoconf, automake, libtool, libidn2-devel, git
Obsoletes: hesinfo < 3.2 Obsoletes: hesinfo < 3.2
%description %global _description\
Hesiod is a system which uses existing DNS functionality to provide access Hesiod is a system which uses existing DNS functionality to provide access\
to databases of information that changes infrequently. It is often used to to databases of information that changes infrequently. It is often used to\
distribute information kept in the /etc/passwd, /etc/group, and /etc/printcap distribute information kept in the /etc/passwd, /etc/group, and /etc/printcap\
files, among others. files, among others.
%description %_description
%package devel %package devel
Summary: Development libraries and headers for Hesiod Summary: Development libraries and headers for Hesiod
Requires: hesiod = %{version}-%{release} Requires: hesiod = %{version}-%{release}
@ -26,8 +32,15 @@ distribute information which might otherwise kept in the /etc/passwd,
ensure the files are synchronized among multiple hosts. This package contains ensure the files are synchronized among multiple hosts. This package contains
the header files and libraries required for building programs which use Hesiod. the header files and libraries required for building programs which use Hesiod.
%package -n compat-hesiod
Summary: %summary
Provides: hesiod = %{version}-%{release}
Obsoletes: hesiod <= %{version}-%{release}
%description -n compat-hesiod %_description
%prep %prep
%setup -q %autosetup -S git
autoreconf -vif autoreconf -vif
%build %build
@ -43,7 +56,7 @@ find %{buildroot} -type f -name "*.la" -delete
%postun -p /sbin/ldconfig %postun -p /sbin/ldconfig
%files %files -n compat-hesiod
%license COPYING %license COPYING
%doc README NEWS %doc README NEWS
%{_bindir}/* %{_bindir}/*
@ -58,6 +71,25 @@ find %{buildroot} -type f -name "*.la" -delete
%{_mandir}/man3/* %{_mandir}/man3/*
%changelog %changelog
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 3.2.1-16
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Mon Apr 19 2021 Robbie Harwood <rharwood@redhat.com> - 3.2.1-15
- Import from RHEL 8 and old Fedora; port to libidn2
- Resolves: #1944157
* Thu Oct 11 2018 Robbie Harwood <rharwood@redhat.com> - 3.2.1-14
- Fix CVE-2016-10152 (hardcoded DNS fallback)
- Fix CVE-2016-10151 (weak SUID check)
- Move package to autosetup
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 3.2.1-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Fri May 18 2018 Adam Williamson <awilliam@redhat.com> - 3.2.1-12
- Rebuild for new libidn
* Mon Apr 2 2018 Peter Robinson <pbrobinson@fedoraproject.org> 3.2.1-11 * Mon Apr 2 2018 Peter Robinson <pbrobinson@fedoraproject.org> 3.2.1-11
- Cleanup and modernise spec - Cleanup and modernise spec
