Squashed 'yocto-poky/' content from commit ea562de
git-subtree-dir: yocto-poky
git-subtree-split: ea562de57590c966cd5a75fda8defecd397e6436
diff --git a/meta/recipes-extended/xinetd/xinetd/Disable-services-from-inetd.conf-if-a-service-with-t.patch b/meta/recipes-extended/xinetd/xinetd/Disable-services-from-inetd.conf-if-a-service-with-t.patch
new file mode 100644
index 0000000..cd6e6c1
--- /dev/null
+++ b/meta/recipes-extended/xinetd/xinetd/Disable-services-from-inetd.conf-if-a-service-with-t.patch
@@ -0,0 +1,86 @@
+Upstream-Status: Pending [from other distro Debian]
+
+From d588b6530e1382a624898b3f4307f636c72c80a9 Mon Sep 17 00:00:00 2001
+From: Pierre Habouzit <madcoder@debian.org>
+Date: Wed, 28 Nov 2007 10:13:08 +0100
+Subject: [PATCH] Disable services from inetd.conf if a service with the same id exists.
+
+ This way, if a service is enabled in /etc/xinetd* _and_ in
+/etc/inetd.conf, the one (even if disabled) from /etc/xinetd* takes
+precedence.
+
+Signed-off-by: Pierre Habouzit <madcoder@debian.org>
+---
+ xinetd/inet.c | 22 +++++++++++++++++++---
+ 1 files changed, 19 insertions(+), 3 deletions(-)
+
+diff --git a/xinetd/inet.c b/xinetd/inet.c
+index 1cb2ba2..8caab45 100644
+--- a/xinetd/inet.c
++++ b/xinetd/inet.c
+@@ -23,6 +23,8 @@
+ #include "parsesup.h"
+ #include "nvlists.h"
+
++static psi_h iter ;
++
+ static int get_next_inet_entry( int fd, pset_h sconfs,
+ struct service_config *defaults);
+
+@@ -32,12 +34,15 @@ void parse_inet_conf_file( int fd, struct configuration *confp )
+ struct service_config *default_config = CNF_DEFAULTS( confp );
+
+ line_count = 0;
++ iter = psi_create (sconfs);
+
+ for( ;; )
+ {
+ if (get_next_inet_entry(fd, sconfs, default_config) == -2)
+ break;
+ }
++
++ psi_destroy(iter);
+ }
+
+ static int get_next_inet_entry( int fd, pset_h sconfs,
+@@ -46,7 +51,7 @@ static int get_next_inet_entry( int fd, pset_h sconfs,
+ char *p;
+ str_h strp;
+ char *line = next_line(fd);
+- struct service_config *scp;
++ struct service_config *scp, *tmp;
+ unsigned u, i;
+ const char *func = "get_next_inet_entry";
+ char *name = NULL, *rpcvers = NULL, *rpcproto = NULL;
+@@ -405,7 +410,16 @@ static int get_next_inet_entry( int fd, pset_h sconfs,
+ SC_SPECIFY( scp, A_SOCKET_TYPE );
+ SC_SPECIFY( scp, A_WAIT );
+
+- if( ! pset_add(sconfs, scp) )
++ for ( tmp = SCP( psi_start( iter ) ) ; tmp ; tmp = SCP( psi_next(iter)) ){
++ if (EQ(SC_ID(scp), SC_ID(tmp))) {
++ parsemsg(LOG_DEBUG, func, "removing duplicate service %s", SC_NAME(scp));
++ sc_free(scp);
++ scp = NULL;
++ break;
++ }
++ }
++
++ if( scp && ! pset_add(sconfs, scp) )
+ {
+ out_of_memory( func );
+ pset_destroy(args);
+@@ -414,7 +428,9 @@ static int get_next_inet_entry( int fd, pset_h sconfs,
+ }
+
+ pset_destroy(args);
+- parsemsg( LOG_DEBUG, func, "added service %s", SC_NAME(scp));
++ if (scp) {
++ parsemsg( LOG_DEBUG, func, "added service %s", SC_NAME(scp));
++ }
+ return 0;
+ }
+
+--
+1.5.3.6.2040.g15e6
+
diff --git a/meta/recipes-extended/xinetd/xinetd/Various-fixes-from-the-previous-maintainer.patch b/meta/recipes-extended/xinetd/xinetd/Various-fixes-from-the-previous-maintainer.patch
new file mode 100644
index 0000000..8e59cdc
--- /dev/null
+++ b/meta/recipes-extended/xinetd/xinetd/Various-fixes-from-the-previous-maintainer.patch
@@ -0,0 +1,79 @@
+Upstream-Status: Pending [from other distro Debian]
+
+From a3410b0bc81ab03a889d9ffc14e351badf8372f1 Mon Sep 17 00:00:00 2001
+From: Pierre Habouzit <madcoder@debian.org>
+Date: Mon, 26 Nov 2007 16:02:04 +0100
+Subject: [PATCH] Various fixes from the previous maintainer.
+
+---
+ xinetd/child.c | 20 +++++++++++++++++---
+ xinetd/service.c | 8 ++++----
+ 2 files changed, 21 insertions(+), 7 deletions(-)
+
+diff --git a/xinetd/child.c b/xinetd/child.c
+index 89ee54c..48e9615 100644
+--- a/xinetd/child.c
++++ b/xinetd/child.c
+@@ -284,6 +284,7 @@ void child_process( struct server *serp )
+ connection_s *cp = SERVER_CONNECTION( serp ) ;
+ struct service_config *scp = SVC_CONF( sp ) ;
+ const char *func = "child_process" ;
++ int fd, null_fd;
+
+ signal_default_state();
+
+@@ -296,9 +297,22 @@ void child_process( struct server *serp )
+ signals_pending[0] = -1;
+ signals_pending[1] = -1;
+
+- Sclose(0);
+- Sclose(1);
+- Sclose(2);
++ if ( ( null_fd = open( "/dev/null", O_RDONLY ) ) == -1 )
++ {
++ msg( LOG_ERR, func, "open('/dev/null') failed: %m") ;
++ _exit( 1 ) ;
++ }
++
++ for ( fd = 0 ; fd <= MAX_PASS_FD ; fd++ )
++ {
++ if ( fd != null_fd && dup2( null_fd, fd ) == -1 )
++ {
++ msg( LOG_ERR, func, "dup2(%d, %d) failed: %m") ;
++ _exit( 1 ) ;
++ }
++ }
++ if ( null_fd > MAX_PASS_FD )
++ (void) Sclose( null_fd ) ;
+
+
+ #ifdef DEBUG_SERVER
+diff --git a/xinetd/service.c b/xinetd/service.c
+index 3d68d78..0132d6c 100644
+--- a/xinetd/service.c
++++ b/xinetd/service.c
+@@ -745,8 +745,8 @@ static status_e failed_service(struct service *sp,
+ return FAILED;
+
+ if ( last == NULL ) {
+- last = SAIN( calloc( 1, sizeof(union xsockaddr) ) );
+- SVC_LAST_DGRAM_ADDR(sp) = (union xsockaddr *)last;
++ SVC_LAST_DGRAM_ADDR(sp) = SAIN( calloc( 1, sizeof(union xsockaddr) ) );
++ last = SAIN( SVC_LAST_DGRAM_ADDR(sp) );
+ }
+
+ (void) time( ¤t_time ) ;
+@@ -772,8 +772,8 @@ static status_e failed_service(struct service *sp,
+ return FAILED;
+
+ if( last == NULL ) {
+- last = SAIN6(calloc( 1, sizeof(union xsockaddr) ) );
+- SVC_LAST_DGRAM_ADDR( sp ) = (union xsockaddr *)last;
++ SVC_LAST_DGRAM_ADDR(sp) = SAIN6(calloc( 1, sizeof(union xsockaddr) ) );
++ last = SAIN6(SVC_LAST_DGRAM_ADDR(sp));
+ }
+
+ (void) time( ¤t_time ) ;
+--
+1.5.3.6.2040.g15e6
+
diff --git a/meta/recipes-extended/xinetd/xinetd/xinetd-CVE-2013-4342.patch b/meta/recipes-extended/xinetd/xinetd/xinetd-CVE-2013-4342.patch
new file mode 100644
index 0000000..0542dbe
--- /dev/null
+++ b/meta/recipes-extended/xinetd/xinetd/xinetd-CVE-2013-4342.patch
@@ -0,0 +1,32 @@
+xinetd: CVE-2013-4342
+
+xinetd does not enforce the user and group configuration directives
+for TCPMUX services, which causes these services to be run as root
+and makes it easier for remote attackers to gain privileges by
+leveraging another vulnerability in a service.
+http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4342
+
+the patch come from:
+https://bugzilla.redhat.com/attachment.cgi?id=799732&action=diff
+
+Signed-off-by: Li Wang <li.wang@windriver.com>
+---
+ xinetd/builtins.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/xinetd/builtins.c b/xinetd/builtins.c
+index 3b85579..34a5bac 100644
+--- a/xinetd/builtins.c
++++ b/xinetd/builtins.c
+@@ -617,7 +617,7 @@ static void tcpmux_handler( const struct server *serp )
+ if( SC_IS_INTERNAL( scp ) ) {
+ SC_INTERNAL(scp, nserp);
+ } else {
+- exec_server(nserp);
++ child_process(nserp);
+ }
+ }
+
+--
+1.7.9.5
+
diff --git a/meta/recipes-extended/xinetd/xinetd/xinetd-should-be-able-to-listen-on-IPv6-even-in-ine.patch b/meta/recipes-extended/xinetd/xinetd/xinetd-should-be-able-to-listen-on-IPv6-even-in-ine.patch
new file mode 100644
index 0000000..2365ca1
--- /dev/null
+++ b/meta/recipes-extended/xinetd/xinetd/xinetd-should-be-able-to-listen-on-IPv6-even-in-ine.patch
@@ -0,0 +1,112 @@
+Upstream-Status: Pending [from other distro Debian]
+
+From f44b218ccc779ab3f4aed072390ccf129d94b58d Mon Sep 17 00:00:00 2001
+From: David Madore <david@pleiades.stars>
+Date: Mon, 24 Mar 2008 12:45:36 +0100
+Subject: [PATCH] xinetd should be able to listen on IPv6 even in -inetd_compat mode
+
+xinetd does not bind to IPv6 addresses (and does not seem to have an
+option to do so) when used in -inetd_compat mode. As current inetd's
+are IPv6-aware, this is a problem: this means xinetd cannot be used as
+a drop-in inetd replacement.
+
+The attached patch is a suggestion: it adds a -inetd_ipv6 global
+option that, if used, causes inetd-compatibility lines to have an
+implicit "IPv6" option. Perhaps this is not the best solution, but
+there should definitely be a way to get inetd.conf to be read in
+IPv6-aware mode.
+---
+ xinetd/confparse.c | 1 +
+ xinetd/inet.c | 17 +++++++++++++++++
+ xinetd/options.c | 3 +++
+ xinetd/xinetd.man | 6 ++++++
+ 4 files changed, 27 insertions(+), 0 deletions(-)
+
+diff --git a/xinetd/confparse.c b/xinetd/confparse.c
+index db9f431..d7b0bcc 100644
+--- a/xinetd/confparse.c
++++ b/xinetd/confparse.c
+@@ -40,6 +40,7 @@
+ #include "inet.h"
+ #include "main.h"
+
++extern int inetd_ipv6;
+ extern int inetd_compat;
+
+ /*
+diff --git a/xinetd/inet.c b/xinetd/inet.c
+index 8caab45..2e617ae 100644
+--- a/xinetd/inet.c
++++ b/xinetd/inet.c
+@@ -25,6 +25,8 @@
+
+ static psi_h iter ;
+
++extern int inetd_ipv6;
++
+ static int get_next_inet_entry( int fd, pset_h sconfs,
+ struct service_config *defaults);
+
+@@ -360,6 +362,21 @@ static int get_next_inet_entry( int fd, pset_h sconfs,
+ }
+ SC_SERVER_ARGV(scp)[u] = p;
+ }
++
++ /* Set the IPv6 flag if we were passed the -inetd_ipv6 option */
++ if ( inetd_ipv6 )
++ {
++ nvp = nv_find_value( service_flags, "IPv6" );
++ if ( nvp == NULL )
++ {
++ parsemsg( LOG_WARNING, func, "inetd.conf - Bad foo %s", name ) ;
++ pset_destroy(args);
++ sc_free(scp);
++ return -1;
++ }
++ M_SET(SC_XFLAGS(scp), nvp->value);
++ }
++
+ /* Set the reuse flag, as this is the default for inetd */
+ nvp = nv_find_value( service_flags, "REUSE" );
+ if ( nvp == NULL )
+diff --git a/xinetd/options.c b/xinetd/options.c
+index b058b6a..dc2f3a0 100644
+--- a/xinetd/options.c
++++ b/xinetd/options.c
+@@ -30,6 +30,7 @@ int logprocs_option ;
+ unsigned logprocs_option_arg ;
+ int stayalive_option=0;
+ char *program_name ;
++int inetd_ipv6 = 0 ;
+ int inetd_compat = 0 ;
+ int dont_fork = 0;
+
+@@ -128,6 +129,8 @@ int opt_recognize( int argc, char *argv[] )
+ fprintf(stderr, "\n");
+ exit(0);
+ }
++ else if ( strcmp ( &argv[ arg ][ 1 ], "inetd_ipv6" ) == 0 )
++ inetd_ipv6 = 1;
+ else if ( strcmp ( &argv[ arg ][ 1 ], "inetd_compat" ) == 0 )
+ inetd_compat = 1;
+ }
+diff --git a/xinetd/xinetd.man b/xinetd/xinetd.man
+index c76c3c6..c9dd803 100644
+--- a/xinetd/xinetd.man
++++ b/xinetd/xinetd.man
+@@ -106,6 +106,12 @@ This option causes xinetd to read /etc/inetd.conf in addition to the
+ standard xinetd config files. /etc/inetd.conf is read after the
+ standard xinetd config files.
+ .TP
++.BI \-inetd_ipv6
++This option causes xinetd to bind to IPv6 (AF_INET6) addresses for
++inetd compatibility lines (see previous option). This only affects
++how /etc/inetd.conf is interpreted and thus only has any effect if
++the \-inetd_compat option is also used.
++.TP
+ .BI \-cc " interval"
+ This option instructs
+ .B xinetd
+--
+1.5.5.rc0.127.gb4337
+
diff --git a/meta/recipes-extended/xinetd/xinetd/xinetd.conf b/meta/recipes-extended/xinetd/xinetd/xinetd.conf
new file mode 100644
index 0000000..9e6ea25
--- /dev/null
+++ b/meta/recipes-extended/xinetd/xinetd/xinetd.conf
@@ -0,0 +1,11 @@
+# Simple configuration file for xinetd
+#
+# Some defaults, and include /etc/xinetd.d/
+
+defaults
+{
+
+
+}
+
+includedir /etc/xinetd.d
diff --git a/meta/recipes-extended/xinetd/xinetd/xinetd.default b/meta/recipes-extended/xinetd/xinetd/xinetd.default
new file mode 100644
index 0000000..20a38e3
--- /dev/null
+++ b/meta/recipes-extended/xinetd/xinetd/xinetd.default
@@ -0,0 +1,12 @@
+# Default settings for xinetd. This file is sourced by /bin/sh from
+# /etc/init.d/xinetd
+
+# enable xinetd Inetd compat mode
+INETD_COMPAT=Yes
+
+# Options to pass to xinetd
+#
+# -stayalive comes by default : it can be removed if xinetd is expected
+# not to start when no service is configured
+#
+XINETD_OPTS="-stayalive"
diff --git a/meta/recipes-extended/xinetd/xinetd/xinetd.init b/meta/recipes-extended/xinetd/xinetd/xinetd.init
new file mode 100644
index 0000000..777c2c8
--- /dev/null
+++ b/meta/recipes-extended/xinetd/xinetd/xinetd.init
@@ -0,0 +1,64 @@
+#!/bin/sh
+#
+# /etc/init.d/xinetd -- script to start and stop xinetd.
+
+# Source function library.
+. /etc/init.d/functions
+
+if test -f /etc/default/xinetd; then
+ . /etc/default/xinetd
+fi
+
+
+test -x /usr/sbin/xinetd || exit 0
+
+checkportmap () {
+ if grep "^[^ *#]" /etc/xinetd.conf | grep -q 'rpc/'; then
+ if ! rpcinfo -u localhost portmapper >/dev/null 2>&1; then
+ echo
+ echo "WARNING: portmapper inactive - RPC services unavailable!"
+ echo " Commenting out or removing the RPC services from"
+ echo " the /etc/xinetd.conf file will remove this message."
+ echo
+ fi
+ fi
+}
+
+case "$1" in
+ start)
+ checkportmap
+ echo -n "Starting internet superserver: xinetd"
+ start-stop-daemon --start --quiet --background --exec /usr/sbin/xinetd -- -pidfile /var/run/xinetd.pid $XINETD_OPTS
+ echo "."
+ ;;
+ stop)
+ echo -n "Stopping internet superserver: xinetd"
+ start-stop-daemon --stop --signal 3 --quiet --exec /usr/sbin/xinetd
+ echo "."
+ ;;
+ status)
+ status /usr/sbin/xinetd;
+ exit $?
+ ;;
+ reload)
+ echo -n "Reloading internet superserver configuration: xinetd"
+ start-stop-daemon --stop --signal 1 --quiet --exec /usr/sbin/xinetd
+ echo "."
+ ;;
+ force-reload)
+ echo "$0 force-reload: Force Reload is deprecated"
+ echo -n "Forcefully reloading internet superserver configuration: xinetd"
+ start-stop-daemon --stop --signal 1 --quiet --exec /usr/sbin/xinetd
+ echo "."
+ ;;
+ restart)
+ $0 stop
+ $0 start
+ ;;
+ *)
+ echo "Usage: /etc/init.d/xinetd {start|stop|status|reload|force-reload|restart}"
+ exit 1
+ ;;
+esac
+
+exit 0
diff --git a/meta/recipes-extended/xinetd/xinetd/xinetd.service b/meta/recipes-extended/xinetd/xinetd/xinetd.service
new file mode 100644
index 0000000..d5fdc5b
--- /dev/null
+++ b/meta/recipes-extended/xinetd/xinetd/xinetd.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Xinetd A Powerful Replacement For Inetd
+After=syslog.target network.target
+
+[Service]
+Type=forking
+PIDFile=/var/run/xinetd.pid
+EnvironmentFile=-/etc/sysconfig/xinetd
+ExecStart=@SBINDIR@/xinetd -stayalive -pidfile /var/run/xinetd.pid "$EXTRAOPTIONS"
+ExecReload=@BASE_BINDIR@/kill -HUP $MAINPID
+
+[Install]
+WantedBy=multi-user.target
diff --git a/meta/recipes-extended/xinetd/xinetd_2.3.15.bb b/meta/recipes-extended/xinetd/xinetd_2.3.15.bb
new file mode 100644
index 0000000..ffc03e5
--- /dev/null
+++ b/meta/recipes-extended/xinetd/xinetd_2.3.15.bb
@@ -0,0 +1,68 @@
+SUMMARY = "Socket-based service activation daemon"
+HOMEPAGE = "https://github.com/xinetd-org/xinetd"
+
+# xinetd is a BSD-like license
+# Apple and Gentoo say BSD here.
+LICENSE = "BSD"
+LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=8ad8615198542444f84d28a6cf226dd8"
+
+DEPENDS = ""
+PR = "r2"
+
+SRC_URI = "git://github.com/xinetd-org/xinetd.git;protocol=https \
+ file://xinetd.init \
+ file://xinetd.conf \
+ file://xinetd.default \
+ file://Various-fixes-from-the-previous-maintainer.patch \
+ file://Disable-services-from-inetd.conf-if-a-service-with-t.patch \
+ file://xinetd-should-be-able-to-listen-on-IPv6-even-in-ine.patch \
+ file://xinetd-CVE-2013-4342.patch \
+ file://xinetd.service \
+ "
+
+SRCREV = "68bb9ab9e9f214ad8a2322f28ac1d6733e70bc24"
+
+S = "${WORKDIR}/git"
+
+inherit autotools update-rc.d systemd
+
+SYSTEMD_SERVICE_${PN} = "xinetd.service"
+
+INITSCRIPT_NAME = "xinetd"
+INITSCRIPT_PARAMS = "defaults"
+
+EXTRA_OECONF="--disable-nls"
+
+PACKAGECONFIG ??= "tcp-wrappers"
+PACKAGECONFIG[tcp-wrappers] = "--with-libwrap,,tcp-wrappers"
+
+do_configure() {
+ # Looks like configure.in is broken, so we are skipping
+ # rebuilding configure and are just using the shipped one
+ ( cd ${S}; gnu-configize --force )
+ oe_runconf
+}
+
+do_install() {
+ # Same here, the Makefile does some really stupid things,
+ # but since we only want two files why not override
+ # do_install from autotools and doing it ourselfs?
+ install -d "${D}${sbindir}"
+ install -d "${D}${sysconfdir}/init.d"
+ install -d "${D}${sysconfdir}/xinetd.d"
+ install -d "${D}${sysconfdir}/default"
+ install -m 644 "${WORKDIR}/xinetd.conf" "${D}${sysconfdir}"
+ install -m 755 "${WORKDIR}/xinetd.init" "${D}${sysconfdir}/init.d/xinetd"
+ install -m 644 "${WORKDIR}/xinetd.default" "${D}${sysconfdir}/default/xinetd"
+ install -m 755 "${B}/xinetd/xinetd" "${D}${sbindir}"
+ install -m 755 "${B}/xinetd/itox" "${D}${sbindir}"
+
+ # Install systemd unit files
+ install -d ${D}${systemd_unitdir}/system
+ install -m 0644 ${WORKDIR}/xinetd.service ${D}${systemd_unitdir}/system
+ sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \
+ -e 's,@SBINDIR@,${sbindir},g' \
+ ${D}${systemd_unitdir}/system/xinetd.service
+}
+
+CONFFILES_${PN} = "${sysconfdir}/xinetd.conf"