debian/xinetd.default

# Default settings for xinetd. This file is sourced by /bin/sh from
# /etc/init.d/xinetd

# enable xinetd Inetd compat mode
INETD_COMPAT=Yes

# Options to pass to xinetd
#
# -stayalive comes by default : it can be removed if xinetd is expected
# not to start when no service is configured
#
XINETD_OPTS="-stayalive"

debian/xinetd.examples

xinetd/sample.conf
contrib/empty.conf

debian/copyright

xinetd was first debianized by Boris D. Beletsky, and later maintained by Adam Heath and Norbert Veber. Josip Rodin maintained it for a while, then Daniel Silverstone. It is currently maintained by Thomas Seyrat.

Original source may be found at: http://synack.net/xinetd/
Another useful URL is http://www.xinetd.org/

Upstream maintainer is: Rob Braun

This software is

(c) Copyright 1992 by Panagiotis Tsirigotis

The author (Panagiotis Tsirigotis) grants permission to use, copy, and distribute this software and its documentation for any purpose and without fee, provided that the above copyright notice extant in files in this distribution is not removed from files included in any redistribution and that this copyright notice is also included in any redistribution.

Modifications to this software may be distributed, either by distributing the modified software or by distributing patches to the original software, under the following additional terms:

1. The version number will be modified as follows:
   a. The first 3 components of the version number (i.e ..) will remain unchanged.
   b. A new component will be appended to the version number to indicate the modification level. The form of this component is up to the author of the modifications.

2. The author of the modifications will include his/her name by appending it along with the new version number to this file and will be responsible for any wrong behavior of the modified software.

The author makes no representations about the suitability of this software for any purpose. It is provided "as is" without any express or implied warranty.

Modifications:
Version: 2.1.8.7-current
Copyright 1998-2001 by Rob Braun

Sensor Addition
Version: 2.1.8.9pre14a
Copyright 2001 by Steve Grubb

This is an excerpt from an email I received from the original author, allowing xinetd as maintained by me, to use the higher version numbers:

I appreciate your maintaining the version string guidelines as specified in the copyright. But I did not mean them to last as long as they did.

So, if you want, you may use any 2.N.* (N >= 3) version string for future xinetd versions that you release. Note that I am excluding the 2.2.* line; using that would only create confusion. Naming the next release 2.3.0 would put to rest the confusion about 2.2.1 and 2.1.8.*.

(by Rob Braun)

debian/xinetd.org-FAQ.html

xinetd FAQ


What is xinetd
Is it compatible with inetd ?
Why should I use xinetd?
Who is responsible for xinetd?
What's up with xinetd 2.2.1?
I am not a system administrator; what do I care about an inetd replacement ?
Where can I get xinetd?
Has anyone gotten xinetd working with qmail?
What platforms does xinetd work on?
How do I use itox?
Does xinetd support tcpwrappers?
Does xinetd support IPv6?
No services start with IPv6! What's the deal?
What's this setgroups(0, NULL) error?
Why can't telnetd start normally on Linux?
How can I use xinetd to wrap SSL around services?
How do I setup a cvs server with xinetd?

Q. What is xinetd ?
A. xinetd is a replacement for inetd, the internet services daemon.

Q: I am not a system administrator; what do I care about an inetd replacement ?
A: xinetd is not just an inetd replacement. Anybody can use it to start servers that don't require privileged ports because xinetd does not require that the services in its configuration file be listed in /etc/services.

Q. Is it compatible with inetd ?
A. No. Its configuration file has a different format from inetd's, and it understands different signals. However, the signal-to-action assignment can be changed, and a program is included to convert inetd.conf to xinetd.conf.


Q. Why should I use it ?
A. Because it is a lot better (IMHO) than inetd. Here are the reasons:

1) It can do access control on all services based on:
a. address of remote host
b. time of access
c. name of remote host
d. domain name of remote host
2) Access control works on all services, whether multi-threaded or single-threaded and for both the TCP and UDP protocols. All UDP packets can be checked as well as all TCP connections.
3) It provides hard reconfiguration:
a. kills servers for services that are no longer in the configuration file
b. kills servers that no longer meet the access control criteria
4) It can prevent denial-of-access attacks by
a. placing limits on the number of servers for each service (avoids process table overflows)
b. placing an upper bound on the number of processes it will fork
c. placing limits on the size of log files it creates
d. placing limits on the number of connections a single host can initiate
e. placing limits on the rate of incoming connections
f. discontinuing services if the load exceeds a specified limit
5) Extensive logging abilities:
a. for every server started it can log:
i) the time when the server was started
ii) the remote host address
iii) who the remote user was (if the other end runs an RFC-931/RFC-1413 server)
iv) how long the server was running
(i, ii and iii can be logged for failed attempts too).
b. for some services, if the access control fails, it can log information about the attempted access (for example, it can log the user name and command for the rsh service)
6) No limit on number of server arguments
7) You can bind specific services to specific IPs on your host machine
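
The list above, turned into a check: an added example (not part of the original FAQ or of xinetd) that parses xinetd service entries and reports which of the access-control and limit attributes behind items 1 and 4 are unset. The attribute names (user, only_from, no_access, instances, per_source, groups, disable) come from xinetd.conf(5); the function names, the review-item codes, the way defaults are merged and the second sample entry are assumptions of this example.

```python
"""Audit xinetd service entries for access-control and limit attributes (added example)."""
import re

# "service <name>" or "defaults" opens an entry; braces sit on their own lines.
HEADER_RE = re.compile(r"^(?:service\s+(\S+)|defaults)$")
# xinetd.conf(5) assignment operators: "=", "+=" (add values), "-=" (remove values).
ATTR_RE = re.compile(r"^(\w+)\s*(\+=|-=|=)\s*(.*)$")
# Limits that are unlimited when left unset (items 4a and 4d of the list).
LIMIT_ATTRS = ("instances", "per_source")


def parse_services(text):
    """Return {entry_name: {attribute: [values]}}; the defaults entry is "defaults"."""
    entries, pending, current = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = HEADER_RE.match(line)
        if current is None and header:
            pending = header.group(1) or "defaults"
        elif current is None and line == "{" and pending:
            current, pending = entries.setdefault(pending, {}), None
        elif line == "}":
            current = None
        elif current is not None and (attr := ATTR_RE.match(line)):
            name, op, values = attr.group(1), attr.group(2), attr.group(3).split()
            if op == "=":
                current[name] = values
            elif op == "+=":
                current.setdefault(name, []).extend(values)
            else:
                current[name] = [v for v in current.get(name, []) if v not in values]
    return entries


def audit(text):
    """Return {service: sorted review items}. Disabled services are skipped."""
    entries = parse_services(text)
    defaults = entries.pop("defaults", {})
    report = {}
    for name, attrs in entries.items():
        # Assumption of this example: a service value replaces the defaults value.
        eff = {**defaults, **attrs}
        if eff.get("disable") == ["yes"]:
            continue
        items = []
        # With no "user" attribute the server keeps xinetd's own uid, normally root.
        if (eff.get("user") or ["root"])[0] == "root":
            items.append("runs-as-root")
        # no_access is only a deny-list; only_from is the allow-list.
        if not eff.get("only_from"):
            items.append("no-allowlist")
        for attr in LIMIT_ATTRS:
            if (eff.get(attr) or ["UNLIMITED"])[0].upper() == "UNLIMITED":
                items.append("no-limit:" + attr)
        # groups = yes hands the server every supplementary group of its user.
        if eff.get("groups") == ["yes"]:
            items.append("supplementary-groups")
        report[name] = sorted(items)
    return report


# The telnet_chroot entry from the chroot answer in this FAQ, abridged
# (socket_type, protocol and wait left out; the audit does not read them).
FAQ_ENTRY = """\
service telnet_chroot
{
        log_on_success  = HOST PID DURATION USERID
        log_on_failure  = HOST RECORD USERID
        no_access       = 152.30.11.93
        port            = 8000
        user            = root
        server          = /usr/sbin/chroot
        server_args     = /var/public/servers /usr/libexec/telnetd
}
"""

# Constructed entry for comparison; 192.0.2.0/24 is a documentation range.
HARDENED = """\
defaults
{
        instances       = 20
}
service telnet
{
        user            = telnetd
        groups          = yes
        server          = /usr/sbin/in.telnetd
        only_from       = 192.0.2.0/24
        per_source      = 2
}
"""

if __name__ == "__main__":
    print(audit(FAQ_ENTRY), audit(HARDENED))
```

The items are prompts for review, not verdicts: the chroot entry has to start as root because chroot needs it, which is the reason to pair it with an allow-list and per-service limits.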


Q. Whom should I thank/blame for this program ?
A. panos@cs.colorado.edu originally wrote this program, but I am fielding bug reports at this time.

Q. What's up with 2.2.1 version of xinetd?
A. The most recent original version of xinetd was 2.1.1 with patches bringing it up to 2.1.8. Nick Hilliard created xinetd 2.2.1, based off an unreleased xinetd 2.2.0 by Panos. The copyright included with xinetd specified the required versioning to be the official release of xinetd (2.1.8 in this case) and a fourth version number tacked on to indicate the modification level. This is the versioning I have adopted. xinetd 2.1.8.X, which is available here, is not based off xinetd 2.2.0 or higher. It was created from the codebase of xinetd 2.1.8, although I have re-implemented some of the features introduced in xinetd-2.2.1.

Q. Where can I find the latest-and-greatest version ?
A. The xinetd source can be obtained from http://www.synack.net/xinetd

Q. Has anyone been able to get qmail working with xinetd?
A. Yes, here is the entry:
service smtp
{
        flags           = REUSE NAMEINARGS
        socket_type     = stream
        protocol        = tcp
        wait            = no
        user            = qmaild
        server          = /usr/sbin/tcpd
        server_args     = /var/qmail/bin/tcp-env -R /var/qmail/bin/qmail-smtpd
}
Contributed by: Anthony Abby
This method will allow you to set environment variables and whatnot in /etc/hosts.allow. Although xinetd can be compiled with libwrap support, this doesn't mean it can completely replace tcpd's functionality. xinetd calls hosts_access(), which performs the access control documented in the hosts_access(5) man page. This is a subset of the features offered by tcpd.

Q. What platforms is xinetd known to work on?
A. I have run it on Solaris 2.6 (sparc and x86), Linux, BSDi, and IRIX 5.3 and 6.2. The original package ran on SunOS 4 and Ultrix.

Q. How do I set up a chrooted environment for a service?
A. Here is the config file entry:
service telnet_chroot
{
        log_on_success  = HOST PID DURATION USERID
        log_on_failure  = HOST RECORD USERID
        no_access       = 152.30.11.93
        socket_type     = stream
        protocol        = tcp
        port            = 8000
        wait            = no
        user            = root
        server          = /usr/sbin/chroot
        server_args     = /var/public/servers /usr/libexec/telnetd
}
Contributed by: lburns@sasquatch.com

Q. How do I use itox?
A. itox reads in a regular inetd.conf file from stdin and writes an xinetd.conf file to stdout. In general, you use the command:
itox < /etc/inetd.conf > /etc/xinetd.conf
If your inetd.conf does not have explicit paths to each of the daemons, you must use the -daemon_dir option. Suppose all your daemons live in /usr/sbin, use the following command:
itox -daemon_dir=/usr/sbin < /etc/inetd.conf > /etc/xinetd.conf
itox is rather old and hasn't been updated for a while. xconv.pl is a perl script that is a little better about converting modern inetd.conf files. Its usage is similar to itox's.

Q. Does xinetd support libwrap (tcpwrappers)?
A. Yes. xinetd can be compiled with libwrap support by passing --with-libwrap as an option to the configure script. When xinetd is compiled with libwrap support, all services can use the /etc/hosts.allow and /etc/hosts.deny access control. xinetd can also be configured to use tcpd in the traditional inetd style. This requires the NAMEINARGS flag, with the name of the real daemon passed in server_args. Here is an example for using telnet with tcpd:
service telnet
{
	flags       = REUSE NAMEINARGS
	protocol    = tcp
	socket_type = stream
	wait        = no
	user        = telnetd
	server      = /usr/sbin/tcpd
	server_args = /usr/sbin/in.telnetd
}

Q. Does xinetd support IPv6?
A. Yes. xinetd can be compiled with IPv6 support by adding the --with-inet6 option to the configure script. Access control is functional with IPv6. You can use IPv4-mapped addresses, or give normal dotted-quad IPv4 addresses for access control, and xinetd will map them to IPv6 addresses.

Q. No services start with IPv6! What's the deal?
A. When you compile IPv6 support in, all sockets are IPv6 sockets. If your kernel doesn't understand what an IPv6 socket is, all attempts to create sockets will fail, and no services will start. Only compile xinetd with IPv6 support if your kernel supports IPv6.

Q. What's this setgroups(0, NULL) error?
A. By default, xinetd does not allow group permissions to the server processes, and it does this by setting the groups of the child process to nothing. Some BSDs have a problem with this. To avoid this error, put the directive groups = yes into your services. This allows the server process to have all the group privileges of the user it is running as.

Q. Why can't telnetd start normally on Linux?
A. On some Linux distributions, the telnet daemon starts as a nonprivileged user, but the user belongs to groups that allow it to open new ttys and to update utmp. By default, xinetd does not allow group permissions to the server process, so telnetd can fail to start properly. To get the server process to possess the proper groups, use the groups = yes directive for the telnet service. This tells xinetd that it is OK for the server process to start with all the groups the user has access to.

Q. How do I use xinetd to wrap SSL around services?
A. Use the program stunnel to wrap SSL around services. stunnel can also be used with a plain inetd.

Q. How do I setup a cvs server with xinetd?
A. A user wrote in with this suggestion:
cvspserver  stream tcp nowait root /usr/bin/cvs cvs --allow-root=/home/pauljohn/cvsroot  --allow-root=/home/pauljohn/cvsmisc pserver
If you want to make the same work under xinetd, you save a config file in /etc/xinetd.d called cvspserver, (where the last line tells it the names of your repositories):
service cvspserver
{
	socket_type         = stream
	protocol            = tcp
	wait                = no
	user                = root
	passenv             = 
	server              = /usr/bin/cvs
	server_args         = --allow-root=/home/pauljohn/cvsroot --allow-root=/home/pauljohn/cvsmisc pserver -f
}
All the other cvs setup stuff is the same. This seems to work, afaik.

debian/changelog

xinetd (1:2.3.15-3ubuntu1) trusty; urgency=medium

  * Merge with Debian; remaining changes:
    - Add xinetd upstart job.

 -- Matthias Klose  Mon, 06 Jan 2014 15:09:55 +0100

xinetd (1:2.3.15-3) unstable; urgency=low

  * Add lintian override for script-with-language-extension.
  * "service xinetd status" shows the status of all the services as well.
  * Update config.{sub,guess} for AArch64. (Closes: #727277)

 -- Salvo 'LtWorf' Tomaselli  Sat, 26 Oct 2013 11:00:10 +0200

xinetd (1:2.3.15-2) unstable; urgency=high

  * Fix CVE-2013-4342 making TCPMUX services change the uid. (Closes: #324678)

 -- Salvo 'LtWorf' Tomaselli  Thu, 03 Oct 2013 16:13:32 +0200

xinetd (1:2.3.15-1ubuntu2) saucy; urgency=low

  * Update config.{sub,guess} for AArch64.

 -- Matthias Klose  Thu, 10 Oct 2013 16:01:53 +0200

xinetd (1:2.3.15-1ubuntu1) saucy; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - Add xinetd upstart job.

 -- Jackson Doak  Wed, 14 Aug 2013 19:26:27 +1000

xinetd (1:2.3.15-1) unstable; urgency=low

  * New upstream release. (Closes: #673531)
  * Drop all patches that were included upstream.
  * Store pidfile in /run rather than /var/run.
  * Use pidfile for start-stop-daemon. (Closes: #644515, #129086) (LP: #868538)
  * Port patch on 000008-fix-manpages to work on the new upstream version.

 -- Salvo 'LtWorf' Tomaselli  Fri, 10 May 2013 13:47:18 +0200

xinetd (1:2.3.14-10) unstable; urgency=low

  * Upload to unstable.
  * Bump Standards-version to 3.9.4.
  * Use automatic doc-base rather than install it with xinetd.install.

 -- Salvo 'LtWorf' Tomaselli  Mon, 06 May 2013 00:52:05 +0200

xinetd (1:2.3.14-9~exp1) experimental; urgency=low

  * Add $network in the LSB headers for the init script.
  * Add description in the LSB headers
  * Update LSB headers to indicate as providing itself and as replacement for inetd.
  * Fix a typo and some warnings in man pages (patch in 000008-fix-manpages).
  * Add debian/watch file.
  * Register the faq html file with doc-base.
  * Add more details to the previous changelog entry.
  * Use correct debhelper version in the Build-Deps: 9 instead of 9.0.0.
  * Add DEP-3 headers to the 000007-CVE-2012-0862 patch.
  * Remove extra whitespace from debian/xinet.d/*.
  * Wrap debian/rules to 80 columns.

 -- Salvo 'LtWorf' Tomaselli  Sat, 18 Aug 2012 16:38:35 +0100

xinetd (1:2.3.14-8~exp1) experimental; urgency=low

  * New maintainer. (Closes: #661881)
  * Explicit switch to quilt, instead of hand made patch management.
  * Correct typo in README.Debian. (Closes: #611637)
  * Add status action in init.d. (Closes: #527887)
  * Defaults to rsyslog. (Closes: #526923)
  * Fix lintian warnings about missing recommended target.
  * Fix lintian warning maintainer-script-without-set-e.
  * New and simplified debian/rules using dh.
  * Let the scripts be generated automatically.
  * Use the debian way for patches.
  * Bump to latest Standards-Version.
  * Depend on debhelper 9.
  * Replace package VCS-* fields with new URL.
  * Bump compatibility level in debian/compat to 9. (Closes: #542729)

 -- Salvo 'LtWorf' Tomaselli  Thu, 09 Aug 2012 23:23:20 +0200

xinetd (1:2.3.14-7.1ubuntu1) quantal; urgency=low

  * Merge from Debian unstable. (LP: #1016505) Remaining changes:
    - Add xinetd upstart job.
    - debian/{control,rules}: Add and enable hardened build for PIE.
    - debian/control: Add Depend on lsb >= 3.2-14, which has the status_of_proc() function.
    - debian/xinetd.init: Add the 'status' action.

 -- Logan Rosen  Fri, 17 Aug 2012 00:41:51 -0400

xinetd (1:2.3.14-7.1) unstable; urgency=high

  * Non-maintainer upload.
  * Fix CVE-2012-0862 avoiding enabling unintentional services.
    (Closes: #672381)

 -- Luk Claes  Sun, 27 May 2012 19:26:42 +0200

xinetd (1:2.3.14-7ubuntu4) natty; urgency=low

  * add xinetd upstart job (LP: #43574)

 -- Scott Moser  Tue, 13 Jul 2010 09:24:49 -0400

xinetd (1:2.3.14-7ubuntu3) lucid; urgency=low

  * rebuild rest of main for armel armv7/thumb2 optimization; UbuntuSpec:mobile-lucid-arm-gcc-v7-thumb2

 -- Alexander Sack  Sun, 07 Mar 2010 01:11:56 +0100

xinetd (1:2.3.14-7ubuntu2) karmic; urgency=low

  * debian/{control,rules}: add and enable hardened build for PIE (Debian bug 542729).

 -- Kees Cook  Thu, 20 Aug 2009 17:55:39 -0700

xinetd (1:2.3.14-7ubuntu1) intrepid; urgency=low

  * debian/control: Add Depend on lsb >= 3.2-14, which has the status_of_proc() function.
  * debian/xinetd.init: Add the 'status' action (LP: #251975).

 -- Andres Rodriguez  Fri, 25 Jul 2008 13:10:34 -0500

xinetd (1:2.3.14-7) unstable; urgency=low

  * Update init.d to test if ipv6 support is built in the kernel before activating it by default. (Closes: #472755)

 -- Pierre Habouzit  Wed, 26 Mar 2008 17:46:54 +0100

xinetd (1:2.3.14-6) unstable; urgency=low

  * Add patch from David Madore so that xinetd groks an -inetd_ipv6 mode, that works like -inetd_compat but also listen on IPv6 addresses. (Closes: #472436)
  * debian/control:
    - bump standards-version to 3.7.3
    - update VCS-{Git,Browser} fields
    - fix Homepage field (http:// prefix was missing)

 -- Pierre Habouzit  Mon, 24 Mar 2008 12:48:39 +0100

xinetd (1:2.3.14-5) unstable; urgency=medium

  * Fix wrong ordering of the sed arguments in postinst script. Thanks to Martin F Krafft. (Closes: 453371)

 -- Pierre Habouzit  Thu, 29 Nov 2007 09:29:55 +0100

xinetd (1:2.3.14-4) unstable; urgency=low

  * Add Disable-services-with-a-duplicated-id.patch: if a service has the same id and is configured in both xinetd configuration directories _and_ in /etc/inetd.conf, the configuration (even if disabled) from xinetd directories takes precedence.
  * /etc/default/xinetd wasn't installed anymore because of a typo: debian/xinetd.defaults -> debian/xinetd.default.
  * debian/xinetd.postrm: don't purge configuration that isn't ours on purge anymore.
  * Don't force inetd_compat for upgrades.
  * Update README.Debian with information wrt -inetd_compat in Debian.

 -- Pierre Habouzit  Wed, 28 Nov 2007 12:02:26 +0100

xinetd (1:2.3.14-3) unstable; urgency=low

  * xinetd has an -inetd_compat mode that renders it suitable for being an inet-superserver, instead of clumsily divert netkit-inetd, which this release enables now by default. (Closes: #134955, #188232, #326975, #355417, #373157, #406190, #406660, #448617)
  * debian/NEWS: explain the transition.
  * debian/control:
    - add Provides/Conflicts on inet-superserver
    - add dependency on update-inetd
    - add dependency on lsb-base
  * maintainer scripts:
    - preinst: remove diversion of /etc/init.d/inetd
    - other: don't touch /etc/init.d/inetd anymore
  * debian/xinetd.defaults: enable inetd_compat mode, so that we can legitimately provide inet-superserver.
  * debian/xinetd.init:
    - support the new INETD_COMPAT option
    - be LSB-compliant

 -- Pierre Habouzit  Mon, 26 Nov 2007 22:24:09 +0100

xinetd (1:2.3.14-2) unstable; urgency=low

  * Adopt package. (Closes: #434357)
  * debian/control:
    - set myself as maintainer
    - add VCS-* fields
    - add Homepage field
  * debian/rules:
    - make it slightly more modern
    - use pristine-tar
    - use debian/patches
  * Always use up2date config.{sub,guess}:
    - add autotools-dev to the Depends
    - copy config.{guess,sub} from /usr/share/misc/
  * Unset TMPDIR in the initscript. (Closes: #379400)
  * Capitalize IP in the package Description. (Closes: #414288)
  * Fix typo in xinetd.conf(5), spurious `+': update Documentation-fixes.patch. (Closes: #413997)

 -- Pierre Habouzit  Mon, 26 Nov 2007 18:08:16 +0100

xinetd (1:2.3.14-1.1) unstable; urgency=low

  * Non-maintainer upload.
  * Update xinetd to use invoke-rc.d.
    (Closes: #427892)

 -- Pierre Habouzit  Wed, 18 Jul 2007 18:38:26 +0200

xinetd (1:2.3.14-1) unstable; urgency=low

  * New upstream release. (Closes: #342724)
  * Update config.guess and config.sub to fix FTBFS on the kfreebsd ports. (Closes: #342448)
  * Comment about log_on_* in xinetd.conf. (Closes: #312663)
  * Prevent xinetd from closing stdout of the services to be started. Patch by Leo Weppelman. (Closes: #342559)
  * Patch for xconv.pl by Ron Murray to process "##" lines. (Closes: #336023).
  * Add configuration file to discard internal service. (Closes: #309312)
  * Bump Standards-Version to 3.7.2
  * Bump debhelper compatibility level to 5.

 -- Thomas Seyrat  Tue, 9 May 2006 13:32:06 +0200

xinetd (1:2.3.13-3) unstable; urgency=low

  * Have -stayalive option in /etc/default/xinetd instead of init script to make behaviour change easier. (Closes: #294665)
  * Apply patch from Andreas Jochens to build on amd64 with gcc-4.0. (Closes: #297911)
  * Run /etc/init.d/inetd in postrm only if it exists. (Closes: #295554)
  * Fix erroneous itox.8 man page. (Closes: #287814)
  * Include xinetd.org FAQ as /usr/share/doc/xinetd/xinetd.org-FAQ.html
  * Edited README.update-inetd. (Closes: #287821)
  * Apply patch to xconv.pl by Javier Fernández-Sanguino Peña:
    - resolve an issue with Amanda when xinetd is used instead of inetd. (Closes: #167367)
    - fix an issue with numerically-specified services when converting from an inetd configuration to xinetd. (Closes: #176464)
    - TCP Wrappers

 -- Thomas Seyrat  Thu, 10 Mar 2005 11:03:24 +0100

xinetd (1:2.3.13-2) unstable; urgency=low

  * Start xinetd with -stayalive by default to keep it running even if no service is enabled. (Closes: #270803)
  * Modify Makefile.in to install xinetd.log manpage in section 5 instead of 8.

 -- Thomas Seyrat  Thu, 9 Sep 2004 14:39:20 +0200

xinetd (1:2.3.13-1) unstable; urgency=low

  * New upstream release.
    - fixes factorized addresses in only_from. (Closes: #212533)
  * inetd.conf doesn't get read by default anymore, too much trouble.
    Remove -inetd_compat from /etc/default/xinetd. (Closes: #198585)
  * "services" internal service was removed upstream, so we don't need /etc/xinetd.d/xinetd anymore, nor documentation for these internal services. (Closes: #242646)
  * Bump Standards-Version to 3.6.1.

 -- Thomas Seyrat  Sun, 18 Apr 2004 13:33:57 +0200

xinetd (1:2.3.12-2) unstable; urgency=high

  * Apply patch on nvlists.c from upstream to fix segfault.
  * Update README.update-inetd.
  * -reuse is not needed anymore since 2.3.4 as REUSE is on by default on all services.
  * "xadmin" and "servers" internal services were removed upstream, they don't appear anymore in /etc/xinetd.d/xinetd.
  * /etc/default/xinetd is also removed when xinetd is purged.

 -- Thomas Seyrat  Fri, 15 Aug 2003 16:06:10 +0200

xinetd (1:2.3.12-1) unstable; urgency=low

  * New upstream release.
  * Bump Standards-Version to 3.6.0.
  * Remove README.samba

 -- Thomas Seyrat  Thu, 14 Aug 2003 14:21:41 +0200

xinetd (1:2.3.11-2) unstable; urgency=low

  * Attempt at using inetd.conf compatibility mode.
    - no more "inetd.conf to xinetd.conf" autoconvert, now xinetd reads inetd.conf after xinetd.conf
    - inetd to xinetd transition should be seamless and inetd-started services are not supposed to be broken (closes: #146908)
    - no more debconf (we don't prompt user anymore, we rely on dpkg to check for an existing xinetd.conf, and to prompt accordingly) (Closes: #183458)
  * Install /etc/xinetd.d/, the (disabled) internal services configuration files (Redhat-style), and the default xinetd.conf considers them. (Closes: #167726)
  * Remove logrotate config file as we log through syslog per default.
  * Remove logrotate from Recommends.
  * Update and simplify maintainer scripts.
  * Bump Standards-Version to 3.5.10.

 -- Thomas Seyrat  Mon, 9 Jun 2003 22:50:54 +0200

xinetd (1:2.3.11-1) unstable; urgency=high

  * New upstream release
    - fix memory leaks found by Steve Grubb with valgrind. (Closes: #190217)
  * Bump Standards-Version to 3.5.9.

 -- Thomas Seyrat  Sat, 26 Apr 2003 16:26:45 +0200

xinetd (1:2.3.10-1) unstable; urgency=low

  * New upstream release.
  * Bumped Standards-Version to 3.5.8.
  * Start daemon with -pidfile /var/run/xinetd.pid. (Closes: #172770)

 -- Thomas Seyrat  Mon, 13 Jan 2003 13:13:42 +0100

xinetd (1:2.3.9-1) unstable; urgency=low

  * New upstream release.
  * Bump Standards-Version to 3.5.7.

 -- Thomas Seyrat  Wed, 2 Oct 2002 10:25:33 +0200

xinetd (1:2.3.7-1) unstable; urgency=high

  * New upstream release.
    - set urgency=high to supersede NMU.
    - include security fixes from 2.3.6-1.1.
  * Apply two patches for 2.3.6 from Steve G. fixing some "redirect without server line" service issues. (Closes: #155990)

 -- Thomas Seyrat  Tue, 13 Aug 2002 15:05:05 +0200

xinetd (1:2.3.6-1.1) unstable; urgency=high

  * Non-maintainer upload.
  * Apply a patch from SolarDesigner to keep xinetd from leaking the recently introduced signal pipe into services started from xinetd.
  * Apply upstream bugfix to handle IPv6 addresses in config parser (unfortunately, it was applied upstream to the 2.3.6 tarball which is now different from ours).

 -- Martin Schulze  Tue, 13 Aug 2002 10:44:14 +0200

xinetd (1:2.3.6-1) unstable; urgency=low

  * New upstream release.
    - fix issues when NAMEINARGS is passed to services. (Closes: #121044)
    - fix formatting error in xinetd.conf.5 (Closes: #149114)
  * Remove build dependency on perldoc (upstream now ships xconv.pl manpage).
  * Include French debconf template translation.

 -- Thomas Seyrat  Mon, 5 Aug 2002 22:17:38 +0200

xinetd (1:2.3.5-1) unstable; urgency=low

  * New upstream release.
  * New maintainer. (Closes: #153977)
  * Minor debian/rules rewrite.
  * Bump Standards-Version to 3.5.6.1.

 -- Thomas Seyrat  Sun, 28 Jul 2002 16:51:39 +0200

xinetd (1:2.3.4-2) unstable; urgency=high

  * Three small address parsing fixes; these are being punted upstream:
    - xinetd/addr.c:explicit_addr: Set /32 to still be a masked addr (Closes: #144672)
    - xinetd/addr.c:factorized_addr: Restart the parse at the right point after the syntax check pass. (Closes: #141453)
    - xinetd/addr.c:addrlist_match: Modify the "mask" check to remember to apply the mask to /both/ halves of the expression. (Closes: #145704)
  * debian/init: Send HUP to reload config.

 -- Daniel Silverstone  Fri, 3 May 2002 21:47:35 +0100

xinetd (1:2.3.4-1.1) unstable; urgency=low

  * Non-maintainer upload.
  * Update config.guess and config.sub. (Closes: #141653)

 -- Colin Watson  Sun, 7 Apr 2002 23:51:53 +0100

xinetd (1:2.3.4-1) unstable; urgency=low

  * New upstream release.
  * Give configure the --with-loadavg parameter. (Closes: #140619)

 -- Daniel Silverstone  Thu, 4 Apr 2002 23:53:54 +0100

xinetd (1:2.3.3-4) unstable; urgency=low

  * Fix a reload issue in /etc/init.d/xinetd by making reload and force-reload the same signal. Follows from removal of soft reload in 2.3.1. (Closes: #127676)

 -- Daniel Silverstone  Sun, 6 Jan 2002 17:25:45 +0000

xinetd (1:2.3.3-3) unstable; urgency=low

  * Update the pt_BR debconf template. (Closes: #120846)
  * Update the German debconf template. Thanks to Stephan Baeckert.
  * Fix implicit declaration of malloc(). This sorts out an ia64 issue. (Closes: #124399)
  * Fix spelling mistake in control file. (Closes: #125544)

 -- Daniel Silverstone  Tue, 18 Dec 2001 08:38:04 +0000

xinetd (1:2.3.3-2) unstable; urgency=low

  * Re-introduce debconf independence at the cost of needing a lintian override.
  * Fix an issue with building on potato WRT pod2man.

 -- Daniel Silverstone  Tue, 25 Sep 2001 18:52:58 +0100

xinetd (1:2.3.3-1) unstable; urgency=high

  * New upstream release.
    - changes of particular interest include:
      o 2.3.1
        - Applied Solar Designer's AUDIT patches
        - Removed soft-reconfigure. reload is always hard.
      o 2.3.2
        - Fix a heap overrun issue.
      o 2.3.3
        - RPC parser works again.
  * New maintainer
  * Fix an issue where xinetd.conf stomped on your configs by making a backup somehow. (Closes: #110596)
  * Remove support for systems without debconf. This introduces a dependency on debconf. (Closes: #90008)
  * Introduce build dependency on perl-doc in order to build the manpage for xconv.pl
  * Provide POD documentation for xconv.pl
  * Correct a dodgy comment in xconv.pl. (Closes: #108754, #108751)
  * Include Brazilian debconf template translations courtesy of Andre Luis Lopes. (Closes: #108548)

 -- Daniel Silverstone  Fri, 31 Aug 2001 14:49:57 +0100

xinetd (1:2.3.0-1) unstable; urgency=high

  * New upstream release.
  * Orphan the package.
  * Include German translation for the debconf templates. (Closes: #95505)
  * Include Spanish translation for the debconf templates. (Closes: #103166)
  * Use -reuse by default in the init script. (Closes: #97732)
  * Fix a bug in svc_logprint (in xinetd/log.c) which may allow remote root access due to a buffer overflow. (Closes: #101201)
  * Recommend the proper syslogd virtual package. (Closes: #101629)
  * Further polishing of the packaging.

 -- Josip Rodin  Sun, 15 Jul 2001 02:55:56 +0200

xinetd (1:2.1.8.8.p3-2) unstable; urgency=low

  * Add -x checks around lines that kill inetd, portmap, and xinetd init script, because it can happen that those programs aren't there. (Closes: #74759)
  * Update the template message about inetd.conf->xinetd.conf conversion. (Closes: #78622)
  * Bump Standards to 3.5.2: add DEB_BUILD_OPTIONS handling.
  * Bump debhelper build dependency to 2.0.54. Since dh_installdebconf is required now.
  * Add logrotate to Recommends.

 -- Josip Rodin  Sat, 17 Mar 2001 16:52:20 +0100

xinetd (1:2.1.8.8.p3-1) frozen unstable; urgency=low

  * New upstream release.
    - fix a bug in the access lists; if you specified a host by name in "only_from," any connection from a host without a reverse DNS entry would be accepted. This means that security policies (e.g.
      denial of access) for such hosts wouldn't be enforced, which is a very ugly security problem, closes: #65757.
  * Add a clear warning to the postrm in the case when you don't have an init script for the original inetd anymore, saying you may need to reinstall netbase package to fix it. As this may happen due to severe breakage in an old xinetd package. (Closes: #60836)
  * Clarify convert-inetd-conf template text to explicitly say that the config file will get overwritten on every upgrade if you say "Yes" to the question, and add two lines in postinst to explain how to make it not regenerate anymore.
  * Sync portmapper check with inetd's init script and enhance the regexp match to catch " # foo" comments, otherwise it may produce a false warning.
  * Move the message about terminating all services to prerm, where it's actually being done.
  * Make update-rc.d run only on initial installs.
  * Add debhelper to Build-Depends: and short the long description.

 -- Josip Rodin  Fri, 16 Jun 2000 20:13:03 +0200

xinetd (1:2.1.8.8pre8-1) frozen unstable; urgency=low

  * New upstream release.
    - address a Y2K issue in the date service in the TIMEOFFSET macro (Closes: #54795)
    - fix that banners fail to work when the length of the banner name is "name % 32 = 0"

 -- Josip Rodin  Sun, 16 Jan 2000 17:09:48 +0100

xinetd (1:2.1.8.8pre6-1) unstable; urgency=low

  * New upstream release.
    - fix Y2K glitch in the log file. (Closes: #53865)
  * Adopt the package.
  * Introduce debconf support to ask about converting the config file, and to warn about update-inetd malfunctioning. However, I didn't remove the old method of asking the questions yet, just in case debconf doesn't exist. Only Recommends: debconf. Plus, I had to re-route all the messages to &2, because of debconf.
  * Add the missing `k' in `syslogd' recommendation.
  * Add Build-Depends: libwrap0-dev.
  * Move the whole contents of preinst to postinst (that is, stopping of inetd and portmap, and creating the diversion of inetd init file), no need to abuse preinst for that.
  * Use --background option for start-stop-daemon, to speed up loading, thus having to depend on dpkg >= 1.4.1.17.
  * Fix some details in postinst, init.d, config, and copyright files.

 -- Josip Rodin  Tue, 4 Jan 2000 23:54:08 +0100

xinetd (1:2.1.8.7-1) unstable; urgency=low

  * Non-maintainer upload.
  * Orphan the package.
  * New upstream release.
    - It's from a completely different development branch, versioned differently, so I had to introduce an epoch. Note that we have to use this version because the previous one breaks its own original license! (Closes: #38361, #41386, #41568)
  * Update packaging files for the new autoconf stuff, patch configure.in and Makefile.in to support install in custom non-existent directories, include sample xinetd.conf file in examples directory.
  * Updated docs regarding the new xconv.pl script. Not using it in postinst, at least not yet.
  * Drop all old patches, except the one for src/itox.c, which is now forwarded/included in upstream package, with some others.
  * Add --with-libwrap to configure flags, to link with libwrap0, as suggested by the upstream author in the README.
  * Fix postrm script to work on purge, and to remove /etc/init.d/inetd (created in postinst) prior to un-diverting it (otherwise dpkg-divert would bomb out, overwriting not allowed).
  * Move making the dummy /etc/init.d/inetd script to postinst, to avoid the lintian error.
  * Fix s/daemon-dir/daemon_dir/ in README.update-inetd file.
  * Update itox.1 manual page, move it to section 8 and to xinetd/ directory, and integrate it (and itox) in the Makefile install: rule.
  * Update the init script, made checkportmap() check in /etc/xinetd.conf file (don't know whether the check is ultimately correct, though).
* Upgrade netbase dependency to 3.16-4, because the fixed update-inetd script is included since that version. * Don't recommend netstd anymore, apparently it no longer exists. (Closes: #49398, #49438) -- Josip Rodin Sat, 16 Oct 1999 19:14:14 +0200 xinetd (2.2.1-8.SD1.2) unstable; urgency=low * Non-maintainer upload. * Add a dummy /etc/init.d/inetd script so netbase doesn't have to worry about its files disappearing. (Closes: #45602) -- Anthony Towns Fri, 15 Oct 1999 11:56:03 +1000 xinetd (2.2.1-8.SD1.1) unstable; urgency=medium * Non-maintainer upload (is Norber Veber MIA?). * Update for the new netbase/inetd stuff. (Closes: #43161, #44537, #44529, #31500) * Depend on an appropriate netbase version because of the switch to diverting /etc/init.d/inetd, and not diverting /usr/sbin/update-inetd. * Un-diverting is done in a sane way, I think. Postinst checks whether the exact diversion still exists, and preserves the obsolete scripts, with suffix ".xinetd.old", and then removes the diversion. The obsolete files made this way are "rm -f"ed in postrm. * Update for Debian Policy 3.x. Converte to debhelper for full Policy compliance. (Closes: #44099) * Add rm -f /etc/xinetd.conf in purging of postrm. (Closes: #36809) * Apply large patch by for the following changes: (Closes: 35166) - Supplementary groups are now dropped by default instead of setting them according to /etc/group. The old behavior was dangerous, as root is usually a member of multiple groups and some daemons don't reset them even when dropping to the authenticated user. - On a SIGHUP, writes to /var/run/xinetd.dump, not /tmp/xinetd.dump. - A theoretical race condition is fixed. - Per-source-address session count limits, separate for each service. The option is "per_source" (works in the defaults section, too). Its usage is similar to the "instances" option. - New option for services: "groups = yes" can be used to enable the old behavior for supplementary groups. 
- The ability to pass server arguments starting with argv[0], via the added "server_args0" option. * Rework most of the maintainer scripts. * The checkportmap() function, from the inetd's init script ought to be changed to check in /etc/xinetd.conf file. * Improve debian/README* files, fixed some oddities in "SEE ALSO" sections of the man pages. * If this release doesn't break anything, I'll probably upload the newest upstream version, from the alive branch. -- Josip Rodin Wed, 15 Sep 1999 20:27:55 +0200 xinetd (2.2.1-8) frozen unstable; urgency=high * Apply itox patch by Alain Nissen , it fixes two problems with itox. It now understands the user.group notation, and ignores (no)wait.max. (Closes: #29951) * Fix commenting syntax in preinst (/* */ -> #). (Closes: #29650) * Fix typo in the itox man page. (Closes: #29945) * slattach is no longer killed when xinetd is stopped. (Closes: #29648) * Fix a /tmp security problem which occured when xinetd was sent the HUP signal (patch from Bugtraq by Marc Heuse slightly modified by me). -- Norbert Veber Sat, 5 Dec 1998 02:27:54 -0500 xinetd (2.2.1-7) unstable; urgency=low * Fix spelling in changelog. * Adress an issue with the postinst and file-rc. (Closes: #26546) -- Norbert Veber Sat, 10 Oct 1998 00:46:13 -0400 xinetd (2.2.1-6) unstable; urgency=low * debian/files and debian/substvars are no longer included in the package. (Closes: #24246) * Fix a vulnerability and a policy violation in the build process, also change to -O2 while compiling. (Closes: #24245) * Divert on both upgrade and install. (Closes: #23866) -- Norbert Veber Sat, 25 Jul 1998 14:18:39 -0400 xinetd (2.2.1-5) frozen unstable; urgency=low * Change all scripts that stop xinetd so that they use SIGQUIT to kill the server. SIGTERM is the default, and this causes xinetd to kill all child processes, which makes remote installation/maintenance impossible. * Change postrm so that it calls update-rc.d with the -f option (in case /etc/init.d/xinetd is still present. 
* Change prerm so that it stops /sbin/portmap instead of /usr/sbin/rpc.portmap (which doesn't exist). * Add a man page for itox. * Fix /etc/init.d/xinetd reload/restart. * Add /etc/init.d/xinetd to list of conffiles. -- Norbert Veber Sat, 13 Jun 1998 20:54:58 -0400 xinetd (2.2.1-4) frozen unstable; urgency=medium * New maintainer. * Divert /etc/init.d/netbase. (Closes: #19125) * /etc/init.d/xinetd now refers to itself by $0. (Closes: #6860) * /etc/init.d/xinetd now looks for /sbin/portmap. (Closes: #12021, #12047, #14159, #17247, #18691, #20701, #22161) * Divert /usr/sbin/update-inetd, the new update-inetd now tells the user to manually edit /etc/xinetd.conf. A new update-inetd that changes the xinetd.conf will eventually be created. * Create /usr/doc/xinetd/README-update.inetd which describes the above, and gives pointers on what to put into xinetd.conf. * Move back to main from non-free since xinetd is now free. * Include ORIGINAL copyright, as is required by the license. It is in /usr/doc/xinetd/copyright. * Create /usr/doc/README.samba which describes a fix/workaround to the xinetd/nmdb bug (Closes: #20705, #17907). * No longer provides a default xinetd.conf. It is nearly impossible to generate one that will work on all systems, and still provides useful services. The user now has the choice of keeping the current configuration, or converting inetd.conf. (Closes: #10059) -- Norbert Veber Tue, 9 June 1998 22:18:25 -0500 xinetd (2.2.1-3.1) unstable; urgency=low * Developer back to Boris. -- Adam Heath Sun, 15 Mar 1998 15:33:59 -0500 xinetd (2.2.1-3) unstable; urgency=low * Change distribution to non-free. * Fix bug #16310. (Closes: #16310) -- Adam Heath Sat, 14 Mar 1998 03:31:50 -0500 xinetd (2.2.1-2) unstable; urgency=low * Fix lintian bugs. -- Adam Heath Mon, 9 Mar 1998 19:33:00 -0500 xinetd (2.2.1-1) unstable; urgency=low * New upstream release. -- Adam Heath Wed, 31 Dec 1997 02:53:10 -0500 xinetd (2.1.7-3.1) unstable; urgency=low * Build against libc6. 

 -- Adam Heath  Tue, 30 Dec 1997 17:50:01 -0500

xinetd (2.1.7-3) unstable; urgency=low

  * Modify preinst to ask whether xinetd will be set up to load at boot
    time.

 -- "Boris D. Beletsky"  Tue, 31 Oct 1996 23:13:34 +0200

xinetd (2.1.7-2) unstable; urgency=low

  * Fix FTBFS on non-i386 architectures. (Closes: #5022)

 -- "Boris D. Beletsky"  Tue, 29 Oct 1996 03:23:24 +0200

xinetd (2.1.7-1) unstable; urgency=low

  * Initial release.

 -- "Boris D. Beletsky"  Sun, 23 Oct 1996 07:45:14 +0200

debian/NEWS0000644000000000000000000000151112232702720007660 0ustar
xinetd (1:2.3.14-6) unstable; urgency=low

  Thanks to David Madore, xinetd now is able to listen on IPv6 addresses for
  inetd.conf compatibility layer. This is now the new default mode for
  xinetd in Debian.

 -- Pierre Habouzit  Mon, 24 Mar 2008 12:50:42 +0100

xinetd (1:2.3.14-3) unstable; urgency=low

  This version enables inetd_compat mode by default, so that we can pretend
  to be a real inet-superserver. This way, packages that use update-inetd
  will work with xinetd properly.

  The inetd_compat mode is forced for new installations only, and can be
  tweaked in /etc/default/xinetd.

  Note that if the same service is configured in /etc/xinetd.d/ and in
  /etc/inetd.conf, the former takes precedence, based on the service id.

 -- Pierre Habouzit  Tue, 27 Nov 2007 01:55:29 +0100

debian/xinetd.d/0000755000000000000000000000000012232702720010700 5ustar
debian/xinetd.d/discard0000644000000000000000000000060712232702720012237 0ustar
# default: off
# description: An RFC 863 discard server.
# This is the tcp version.
service discard
{
	disable		= yes
	type		= INTERNAL
	id		= discard-stream
	socket_type	= stream
	protocol	= tcp
	user		= root
	wait		= no
}

# This is the udp version.
service discard
{
	disable		= yes
	type		= INTERNAL
	id		= discard-dgram
	socket_type	= dgram
	protocol	= udp
	user		= root
	wait		= yes
}

debian/xinetd.d/daytime0000644000000000000000000000076612232702720012270 0ustar
# default: off
# description: An internal xinetd service which gets the current system time
# then prints it out in a format like this: "Wed Nov 13 22:30:27 EST 2002".
# This is the tcp version.
service daytime
{
	disable		= yes
	type		= INTERNAL
	id		= daytime-stream
	socket_type	= stream
	protocol	= tcp
	user		= root
	wait		= no
}

# This is the udp version.
service daytime
{
	disable		= yes
	type		= INTERNAL
	id		= daytime-dgram
	socket_type	= dgram
	protocol	= udp
	user		= root
	wait		= yes
}

debian/xinetd.d/chargen0000644000000000000000000000120012232702720012223 0ustar
# default: off
# description: An xinetd internal service which generates characters. The
# xinetd internal service which continuously generates characters until the
# connection is dropped. The characters look something like this:
# !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefg
# This is the tcp version.
service chargen
{
	disable		= yes
	type		= INTERNAL
	id		= chargen-stream
	socket_type	= stream
	protocol	= tcp
	user		= root
	wait		= no
}

# This is the udp version.
service chargen
{
	disable		= yes
	type		= INTERNAL
	id		= chargen-dgram
	socket_type	= dgram
	protocol	= udp
	user		= root
	wait		= yes
}

debian/xinetd.d/echo0000644000000000000000000000064612232702720011547 0ustar
# default: off
# description: An xinetd internal service which echoes characters back to
# clients.
# This is the tcp version.
service echo
{
	disable		= yes
	type		= INTERNAL
	id		= echo-stream
	socket_type	= stream
	protocol	= tcp
	user		= root
	wait		= no
}

# This is the udp version.
service echo
{
	disable		= yes
	type		= INTERNAL
	id		= echo-dgram
	socket_type	= dgram
	protocol	= udp
	user		= root
	wait		= yes
}

debian/xinetd.d/time0000644000000000000000000000107112232702720011560 0ustar
# default: off
# description: An RFC 868 time server. This protocol provides a
# site-independent, machine readable date and time. The Time service sends back
# to the originating source the time in seconds since midnight on January first
# 1900.
# This is the tcp version.
service time
{
	disable		= yes
	type		= INTERNAL
	id		= time-stream
	socket_type	= stream
	protocol	= tcp
	user		= root
	wait		= no
}

# This is the udp version.
service time
{
	disable		= yes
	type		= INTERNAL
	id		= time-dgram
	socket_type	= dgram
	protocol	= udp
	user		= root
	wait		= yes
}

debian/README.update-inetd0000644000000000000000000000535212232702720012432 0ustar
(Lack of) update-inetd functionality with xinetd
------------------------------------------------

The update-inetd script is used by Debian packages which rely on inetd.
The purpose of the script is to update /etc/inetd.conf so that the network
service(s) provided by the package in question are added or enabled.

Beginning with 1:2.3.11-2, xinetd is shipped with an optional inetd.conf
compatibility mode. That is, xinetd reads xinetd.conf, then inetd.conf, and
adds services accordingly. So, when this mode is used and a service is added
by update-inetd to inetd.conf, xinetd can be reloaded and the service
becomes available through xinetd without an xinetd.conf modification.

To enable the inetd.conf compatibility mode, you can edit
/etc/default/xinetd and add -inetd_compat or -inetd_ipv6 to XINETD_OPTS.

However, you will want to put some services' configurations in xinetd.conf
to customize them. Since the update-inetd script currently does not modify
/etc/xinetd.conf, instead telling the user to do this manually, there are
two ways of converting your inetd.conf file into an xinetd.conf file: either
with the xconv.pl script, or with the itox program, both provided by xinetd.

* Using itox

The following command will output the appropriate xinetd.conf entry for
this service, so you can add the output to xinetd.conf yourself:

    echo "line from /etc/inetd.conf" | itox

However, if the service uses a daemon such as /usr/sbin/tcpd, then this
should be specified using the "-daemon_dir" option. This example:

    echo "smtp stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.smtpd" \
        | itox -daemon_dir /usr/sbin/tcpd

would produce this:

    service smtp
    {
        socket_type = stream
        protocol    = tcp
        wait        = no
        user        = root
        server      = /usr/sbin/in.smtpd
    }

* Using xconv.pl

Mostly everything said above regarding itox also applies to xconv.pl. The
only difference is that xconv.pl is a Perl script, a bit newer than itox,
and made exactly for the purpose of converting a whole inetd.conf file into
an xinetd.conf file. It's best to invoke it this way:

    xconv.pl < /etc/inetd.conf > /etc/xinetd.conf

This will read the whole inetd.conf file and create a full xinetd.conf file.

You should also read the inetd.conf and xinetd.conf manual pages, and this
will hopefully make more sense.

Work is currently being done on a new update-inetd which will automatically
take care of everything, but that hasn't been implemented just yet.
-- Norbert Veber Tue, 9 June 1998 22:18:25 -0500 Josip Rodin Wed, 20 Oct 1999 20:56:07 +0200 Thomas Seyrat Fri, 15 Aug 2003 17:39:58 +0200 debian/compat0000644000000000000000000000000212232702720010361 0ustar 9 debian/lintian-overrides0000644000000000000000000000007112232702720012542 0ustar xinetd: script-with-language-extension usr/sbin/xconv.pl debian/xinetd.docs0000644000000000000000000000007512232702720011332 0ustar README debian/README.update-inetd debian/xinetd.org-FAQ.html debian/patches/0000755000000000000000000000000012232702720010612 5ustar debian/patches/000008-fix-manpages0000644000000000000000000003436112232702720013650 0ustar Description: fix manpages fixes typos and some incorrect paths in manpages --- xinetd-2.3.15.orig/xinetd/xinetd.conf.man +++ xinetd-2.3.15/xinetd/xinetd.conf.man @@ -13,7 +13,7 @@ xinetd.conf \- Extended Internet Service .B "xinetd.conf" is the configuration file that determines the services provided by \fBxinetd\fP. -Any line whose first non-white-space character is a '#' is considered +Any line whose first non\-white\-space character is a '#' is considered a comment line. Empty lines are ignored. .LP The file contains entries of the form: @@ -71,7 +71,7 @@ if this is an RPC service if this is a service provided by \fBxinetd\fP. .TP .B TCPMUX/TCPMUXPLUS -if this is a service that will be started according to the RFC 1078 protocol on the TCPMUX well-known port. See the section describing TCPMUX services below. +if this is a service that will be started according to the RFC 1078 protocol on the TCPMUX well\-known port. See the section describing TCPMUX services below. .TP .B UNLISTED if this is a service not listed in a standard system file @@ -79,7 +79,7 @@ if this is a service not listed in a sta .I /etc/rpc for RPC services, or .I /etc/services -for non-RPC services). +for non\-RPC services). .RE .TP .B flags 
@@ -88,7 +88,7 @@ Any combination of the following flags m .TP 12 .B INTERCEPT Intercept packets or accepted connections in order to verify that they -are coming from acceptable locations (internal or multi-threaded +are coming from acceptable locations (internal or multi\-threaded services cannot be intercepted). .TP .B NORETRY @@ -97,7 +97,7 @@ Avoid retry attempts in case of fork fai .B IDONLY Accept connections only when the remote end identifies the remote user (i.e. the remote host must run an identification server). -This flag applies only to connection-based services. +This flag applies only to connection\-based services. This flag is ineffective if the .B USERID log option is not used. @@ -121,7 +121,7 @@ is not a tcp service, this option has no .B NOLIBWRAP This disables internal calling of the tcpwrap library to determine access to the service. This may be needed in order to use libwrap functionality -not available to long-running processes such as xinetd; in this case, +not available to long\-running processes such as xinetd; in this case, the tcpd program can be called explicitly (see also the NAMEINARGS flag). For RPC services using TCP transport, this flag is automatically turned on, because xinetd cannot get remote host address information for the rpc port. @@ -157,10 +157,10 @@ Possible values for this attribute inclu .RS .TP 12 .I stream -stream-based service +stream\-based service .TP .I dgram -datagram-based service +datagram\-based service .TP .I raw service that requires direct access to IP 
@@ -178,13 +178,13 @@ attribute is not defined, the default pr will be used. .TP .B wait -This attribute determines if the service is single-threaded or -multi-threaded and whether or not xinetd accepts the connection or the server +This attribute determines if the service is single\-threaded or +multi\-threaded and whether or not xinetd accepts the connection or the server program accepts the connection. If its value is \fIyes\fP, the service is -single-threaded; this means that \fBxinetd\fP will start the server and then +single\-threaded; this means that \fBxinetd\fP will start the server and then it will stop handling requests for the service until the server dies and that the server software will accept the connection. If the attribute value is -\fIno\fP, the service is multi-threaded and \fBxinetd\fP will keep handling +\fIno\fP, the service is multi\-threaded and \fBxinetd\fP will keep handling new service requests and xinetd will accept the connection. It should be noted that udp/dgram services normally expect the value to be yes since udp is not connection oriented, while tcp/stream servers normally expect the value to be @@ -196,7 +196,7 @@ be numeric or a name. If a name is given exist in .I /etc/passwd. This attribute is ineffective if the effective user ID -of \fBxinetd\fP is not super-user. +of \fBxinetd\fP is not super\-user. .TP .B group determines the gid for the server process. The group attribute can either @@ -207,7 +207,7 @@ If a group is not specified, the group of \fIuser\fP will be used (from .I /etc/passwd). This attribute is ineffective if the effective user ID -of \fBxinetd\fP is not super-user and if the \fBgroups\fP attribute +of \fBxinetd\fP is not super\-user and if the \fBgroups\fP attribute is not set to 'yes'. .TP .B instances 
@@ -288,7 +288,7 @@ then the host with the address 128.138.2 .TP .B access_times determines the time intervals when the service is available. An interval -has the form \fIhour:min-hour:min\fP (connections +has the form \fIhour:min\-hour:min\fP (connections .I will be accepted at the bounds of an interval). Hours can range from 0 to 23 and minutes from 0 to 59. @@ -366,7 +366,7 @@ logs the remote host address .TP .B USERID logs the user id of the remote user using the RFC 1413 identification protocol. -This option is available only for multi-threaded stream services. +This option is available only for multi\-threaded stream services. .TP .B EXIT logs the fact that a server exited along with the exit status or the @@ -395,7 +395,7 @@ logs the remote host address. .TP .B USERID logs the user id of the remote user using the RFC 1413 identification protocol. -This option is available only for multi-threaded stream services. +This option is available only for multi\-threaded stream services. .TP .B ATTEMPT logs the fact that a failed attempt was made 
@@ -461,17 +461,17 @@ Synonym for bind. Takes the name of a file to be splatted at the remote host when a connection to that service is established. This banner is printed regardless of access control. It should *always* be printed when -a connection has been made. \fBxinetd\fP outputs the file as-is, +a connection has been made. \fBxinetd\fP outputs the file as\-is, so you must ensure the file is correctly formatted for the service's -protocol. In paticular, if the protocol requires CR-LF pairs for line +protocol. In paticular, if the protocol requires CR\-LF pairs for line termination, you must supply them. .TP .B banner_success Takes the name of a file to be splatted at the remote host when a connection to that service is granted. This banner is printed as soon as access is granted for the service. \fBxinetd\fP outputs the -file as-is, so you must ensure the file is correctly formatted for -the service's protocol. In paticular, if the protocol requires CR-LF +file as\-is, so you must ensure the file is correctly formatted for +the service's protocol. In paticular, if the protocol requires CR\-LF pairs for line termination, you must supply them. .TP .B banner_fail @@ -479,9 +479,9 @@ Takes the name of a file to be splatted connection to that service is denied. This banner is printed immediately upon denial of access. This is useful for informing your users that they are doing something bad and they shouldn't be -doing it anymore. \fBxinetd\fP outputs the file as-is, +doing it anymore. \fBxinetd\fP outputs the file as\-is, so you must ensure the file is correctly formatted for the service's -protocol. In paticular, if the protocol requires CR-LF pairs for line +protocol. In paticular, if the protocol requires CR\-LF pairs for line termination, you must supply them. .TP .B per_source 
@@ -494,7 +494,7 @@ Limits the rate of incoming connections. The first argument is the number of connections per second to handle. If the rate of incoming connections is higher than this, the service will be temporarily disabled. The second argument is the number of -seconds to wait before re-enabling the service after it has been disabled. +seconds to wait before re\-enabling the service after it has been disabled. The default for this setting is 50 incoming connections and the interval is 10 seconds. .TP @@ -504,7 +504,7 @@ stop accepting connections. For example will stop accepting connections at this load. This is the one minute load average. This is an OS dependent feature, and currently only Linux, Solaris, and FreeBSD are supported for this. This feature is -only avaliable if xinetd was configured with the -with-loadavg option. +only available if xinetd was configured with the \-with\-loadavg option. .TP .B groups Takes either "yes" or "no". If the groups attribute is set to @@ -622,7 +622,7 @@ The necessary attributes for a service a (\fIunlisted\fP RPC services only) .TP .B port -(\fIunlisted\fP non-RPC services only) +(\fIunlisted\fP non\-RPC services only) .RE .PD .LP @@ -765,7 +765,7 @@ and These services are under the same access restrictions as all other services except for the ones that don't require \fBxinetd\fP to fork another process for them. Those ones (\fItime\fP, \fIdaytime\fP, -and the datagram-based \fIecho\fP, \fIchargen\fP, and \fIdiscard\fP) +and the datagram\-based \fIecho\fP, \fIchargen\fP, and \fIdiscard\fP) have no limitation in the number of .B instances. .LP 
@@ -773,8 +773,8 @@ have no limitation in the number of .SH "TCPMUX Services" .LP \fBxinetd\fP supports TCPMUX services that conform to RFC 1078. These services -may not have a well-known port associated with them, and can be accessed via -the TCPMUX well-known port. +may not have a well\-known port associated with them, and can be accessed via +the TCPMUX well\-known port. .LP For each service that is to be accessed via TCPMUX, a service entry in \fB/etc/xinetd.conf\fP or in a configuration file in an \fBincludedir\fP @@ -784,7 +784,7 @@ The \fIservice_name\fP field (as defined \fBxinetd\fP configuration file) must be identical to the string that is passed (according to RFC 1078 protocol) to \fBxinetd\fP when the remote service requestor first -makes the connection on the TCPMUX well-known port. Private protocols should +makes the connection on the TCPMUX well\-known port. Private protocols should use a service name that has a high probability of being unique. One way is to prepend the service name with some form of organization ID. .LP @@ -800,7 +800,7 @@ not listed in a standard system file .I /etc/rpc for RPC services, or .I /etc/services -for non-RPC services). +for non\-RPC services). .LP The \fIsocket_type\fP for these services must be \fBstream\fP, and the \fIprotocol\fP must be \fBtcp\fP. @@ -826,7 +826,7 @@ service myorg_server .IP user = root .IP server -= /usr/etc/my_server_exec += /usr/bin/my_server_exec .RE } .fi @@ -834,7 +834,7 @@ service myorg_server .PD .LP Besides a service entry for each service that can be accessed -via the TCPMUX well-known port, a service entry for TCPMUX itself +via the TCPMUX well\-known port, a service entry for TCPMUX itself must also be included in the \fBxinetd\fP configuration. Consider the following sample: .PD .1v 
@@ -885,7 +885,7 @@ The address check is based on the IP add not on its domain address. We do this so that we can avoid remote name lookups which may take a long time (since .B xinetd -is single-threaded, a name lookup will prevent the daemon from +is single\-threaded, a name lookup will prevent the daemon from accepting any other requests until the lookup is resolved). The down side of this scheme is that if the IP address of a remote host changes, then access to that host may be denied until @@ -910,12 +910,12 @@ This obviously has a performance impact it is up to you to make the compromise between security and performance for each service. The following tables show the overhead of interception. -The first table shows the time overhead-per-datagram for a UDP-based service +The first table shows the time overhead\-per\-datagram for a UDP\-based service using various datagram sizes. -For TCP-based services we measured the bandwidth reduction +For TCP\-based services we measured the bandwidth reduction because of interception while sending a certain amount of data from client to server (the time overhead should -the same as for UDP-based services but it is "paid" only by the first +the same as for UDP\-based services but it is "paid" only by the first packet of a continuous data transmission). The amount of data is given in the table as \fIsystem_calls\fPx\fIdata_sent_per_call\fP, i.e. @@ -1015,7 +1015,7 @@ service login .IP user = root .IP server -= /usr/etc/in.rlogind += /usr/sbin/in.rlogind .IP instances = UNLIMITED .RE @@ -1037,7 +1037,7 @@ service shell .IP instances = UNLIMITED .IP server -= /usr/etc/in.rshd += /usr/sbin/in.rshd .IP log_on_success += HOST .RE @@ -1055,9 +1055,9 @@ service ftp .IP user = root .IP server -= /usr/etc/in.ftpd += /usr/sbin/in.ftpd .IP server_args -= -l += \-l .IP instances = 4 .IP log_on_success 
@@ -1081,7 +1081,7 @@ service telnet .IP user = root .IP server -= /usr/etc/in.telnetd += /usr/sbin/in.telnetd .IP rlimit_as = 8M .IP rlimit_cpu @@ -1098,7 +1098,7 @@ service echo { .RS .IP id 20 -= echo-stream += echo\-stream .IP type = INTERNAL .IP socket_type @@ -1114,7 +1114,7 @@ service echo { .RS .IP id 20 -= echo-dgram += echo\-dgram .IP type = INTERNAL .IP socket_type @@ -1139,7 +1139,7 @@ service rstatd .IP protocol = udp .IP server -= /usr/etc/rpc.rstatd += /usr/sbin/rpc.rstatd .IP wait = yes .IP user @@ -1241,4 +1241,4 @@ the socket passed to the server can only .LP The .B INTERCEPT -flag is not supported for internal services or multi-threaded services. +flag is not supported for internal services or multi\-threaded services. --- xinetd-2.3.15.orig/xinetd/itox.8 +++ xinetd-2.3.15/xinetd/itox.8 
@@ -2,19 +2,19 @@ .SH NAME itox \- converts inetd.conf style configuration files to xinetd.conf .SH SYNOPSIS -itox [-daemon_dir ] +itox [\-daemon_dir ] .SH DESCRIPTION .B itox takes on its standard input inetd.conf style entries and dumps to standard output the corresponding xinetd.conf style entries. .SH OPTIONS .TP -.I -daemon_dir +.I \-daemon_dir If you use tcpd, this option specifies the directory where all the daemons are. You must specify this option if you use tcpd and the daemon file names are not absolute. .SH EXAMPLES -itox -daemon_dir /usr/sbin < inetd.conf > xinetd.conf +itox \-daemon_dir /usr/sbin < inetd.conf > xinetd.conf .SH AUTHOR xinetd and itox were written by Panagiotis Tsirigotis. .sp debian/patches/000009-TCPMUX0000644000000000000000000000140412232702720012302 0ustar Description: can set uid for tcpmux This patch fixes CVE-2013-4342, by allowing TCPMUX to be used under a different user. Origin: other, https://github.com/xinetd-org/xinetd/pull/10/files Reviewed-By: Salvo 'LtWorf' Tomaselli . xinetd (1:2.3.15-2) unstable; urgency=high . * Fix CVE-2013-4342 making TCPMUX services change the uid. (Closes: #324678) Author: https://github.com/octurite Bug-Debian: http://bugs.debian.org/324678 Last-Update: 2013-10-03 --- xinetd-2.3.15.orig/xinetd/builtins.c +++ xinetd-2.3.15/xinetd/builtins.c @@ -617,7 +617,7 @@ static void tcpmux_handler( const struct if( SC_IS_INTERNAL( scp ) ) { SC_INTERNAL(scp, nserp); } else { - exec_server(nserp); + child_process(nserp); } } debian/patches/000001-documentation_fixes0000644000000000000000000000425312232702720015326 0ustar Description: Documentation fixes From: Pierre Habouzit Reviewed-By: Pierre Habouzit --- xinetd-2.3.15.orig/xinetd/xinetd.conf.man +++ xinetd-2.3.15/xinetd/xinetd.conf.man 
@@ -228,7 +228,7 @@ determines the program to execute for th determines the arguments passed to the server. In contrast to \fBinetd\fP, the server name should \fInot\fP be included in \fIserver_args\fP. .TP -+.B libwrap +.B libwrap overrides the service name passed to libwrap (which defaults to the server name, the first server_args component with NAMEINARGS, the id for internal services and the service name for redirected services). --- xinetd-2.3.15.orig/xinetd/xinetd.man +++ xinetd-2.3.15/xinetd/xinetd.man @@ -155,7 +155,7 @@ causes an internal state dump (the defau \fI/var/run/xinetd.dump\fP; to change the filename, edit \fIconfig.h\fP and recompile). .TP -.B SIGIOT +.B SIGABRT causes an internal consistency check to verify that the data structures used by the program have not been corrupted. When the check is completed --- xinetd-2.3.15.orig/xinetd/itox.8 +++ xinetd-2.3.15/xinetd/itox.8 
@@ -1,19 +1,22 @@ -.TH ITOX 8 "October 1999" "xinetd" +.TH ITOX 8 "March 2005" "xinetd" .SH NAME itox \- converts inetd.conf style configuration files to xinetd.conf .SH SYNOPSIS -itox [-daemon_dir ] +itox [-daemon_dir ] .SH DESCRIPTION .B itox takes on its standard input inetd.conf style entries and dumps to standard output the corresponding xinetd.conf style entries. .SH OPTIONS .TP -.I -daemon_dir -Specifies the file name of the TCP daemon used in the inetd.conf file. +.I -daemon_dir +If you use tcpd, this option specifies the directory where all the daemons are. +You must specify this option if you use tcpd and the daemon file names are not +absolute. .SH EXAMPLES -itox -daemon_dir /usr/sbin/tcpd < inetd.conf > xinetd.conf +itox -daemon_dir /usr/sbin < inetd.conf > xinetd.conf .SH AUTHOR xinetd and itox were written by Panagiotis Tsirigotis. .sp -This man page was written by Norbert Veber . +This man page was written by Norbert Veber and Thomas Seyrat + debian/patches/000004-Fix-xinetd.log.man-installation-path0000644000000000000000000000172012232702720020260 0ustar Description: Documentation fixes From: Pierre Habouzit Signed-off-by: Pierre Habouzit Index: xinetd-2.3.15/Makefile.in =================================================================== --- xinetd-2.3.15.orig/Makefile.in 2007-09-20 19:01:52.000000000 +0200 +++ xinetd-2.3.15/Makefile.in 2013-06-15 12:31:39.000000000 +0200 
@@ -80,7 +80,7 @@ $(INSTALL_CMD) -m 755 xinetd/itox $(DAEMONDIR) $(INSTALL_CMD) -m 755 $(SRCDIR)/xinetd/xconv.pl $(DAEMONDIR) $(INSTALL_CMD) -m 644 $(SRCDIR)/xinetd/xinetd.conf.man $(MANDIR)/man5/xinetd.conf.5 - $(INSTALL_CMD) -m 644 $(SRCDIR)/xinetd/xinetd.log.man $(MANDIR)/man8/xinetd.log.8 + $(INSTALL_CMD) -m 644 $(SRCDIR)/xinetd/xinetd.log.man $(MANDIR)/man5/xinetd.log.5 $(INSTALL_CMD) -m 644 $(SRCDIR)/xinetd/xinetd.man $(MANDIR)/man8/xinetd.8 $(INSTALL_CMD) -m 644 $(SRCDIR)/xinetd/itox.8 $(MANDIR)/man8/itox.8 $(INSTALL_CMD) -m 644 $(SRCDIR)/xinetd/xconv.pl.8 $(MANDIR)/man8/xconv.pl.8 debian/patches/series0000644000000000000000000000015112232702720012024 0ustar 000001-documentation_fixes 000004-Fix-xinetd.log.man-installation-path 000008-fix-manpages 000009-TCPMUX debian/README.Debian0000644000000000000000000000141012232702720011220 0ustar README.Debian for xinetd ======================== xinetd in debian is supposed to work with -inetd_compat enabled (you can tweak that in /etc/default/xinetd). Package maintainers that support xinetd in addition to inetd, will drop files in /etc/xinetd.d/ _and_ add entries in /etc/inetd.conf, enabling them using update-inetd. If both an xinetd service configuration id and an entry in /etc/inetd.conf match, the xinetd one will hide the inetd.conf one, even if disabled. This trick is built to simplify the logic in update-inetd, and let the administrators only touch xinetd configuration and don't have /etc/inetd.conf mess with that they changed behind their back. 
 -- Pierre Habouzit Wed, 28 Nov 2007 11:55:48 +0100

debian/control0000644000000000000000000000255212262534646010607 0ustar
Source: xinetd
Section: net
Priority: extra
Maintainer: Ubuntu Core Developers
XSBC-Original-Maintainer: Salvo 'LtWorf' Tomaselli
Standards-Version: 3.9.4
Build-Depends: debhelper (>> 9), libwrap0-dev, autotools-dev, lsb-base, dh-autoreconf
Vcs-Git: git://github.com/ltworf/xinetd-debian.git
Vcs-Browser: https://github.com/ltworf/xinetd-debian
Homepage: http://www.xinetd.org

Package: xinetd
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}, netbase, update-inetd
Provides: inet-superserver
Conflicts: inet-superserver
Recommends: rsyslog | system-log-daemon, logrotate
Description: replacement for inetd with many enhancements
 xinetd has access control mechanisms, extensive logging capabilities,
 the ability to make services available based on time, and can place
 limits on the number of servers that can be started, among other things.
 .
 It has the ability to redirect TCP streams to a remote host and port.
 This is useful for those of you that use IP masquerading, or NAT, and want to
 be able to reach your internal hosts.
 .
 It also has the ability to bind specific services to specific interfaces.
 This is useful when you want to make services available for your internal
 network, but not the rest of the world. Or to have a different service
 running on the same port, but different interfaces.
debian/xinetd.doc-base0000644000000000000000000000035512232702720012060 0ustar
Document: xinetd-faq
Title: xinetd FAQ
Abstract: This manual replies to some common questions about xinetd
Section: Help/FAQ

Format: HTML
Files: /usr/share/doc/xinetd/xinetd.org-FAQ.html
Index: /usr/share/doc/xinetd/xinetd.org-FAQ.html

debian/xinetd.links0000644000000000000000000000010612232702720011515 0ustar
/usr/share/doc/xinetd/CHANGELOG.gz /usr/share/doc/xinetd/changelog.gz

debian/rules0000755000000000000000000000050612232677744010265 0ustar
#!/usr/bin/make -f
SHELL=sh -e

prefix = $(CURDIR)/debian/xinetd/usr

override_dh_auto_configure:
	dh_auto_configure -- --with-loadavg --with-libwrap --prefix=$(prefix) \
		--mandir=$(prefix)/share/man --infodir=$(prefix)/share/info

override_dh_autoreconf:
	dh_autoreconf autoconf

%:
	dh $@ --with autoreconf,autotools_dev

debian/source/0000755000000000000000000000000012232702720010463 5ustar
debian/source/format0000644000000000000000000000001412232702720011671 0ustar
3.0 (quilt)

debian/xinetd.upstart0000644000000000000000000000271112262534646012120 0ustar
# xinetd - the extended Internet services daemon

description "xinetd daemon"

start on runlevel [2345]
stop on runlevel [!2345]

## because signal QUIT is sent in pre-stop, respawn cannot be used.
## (LP: #605007)
#respawn

pre-start script
    test -x /usr/sbin/xinetd || { stop; exit 0; }
end script

env PIDFILE=/var/run/xinetd.pid

script
    INETD_COMPAT=Yes
    XINETD_OPTS="-stayalive"

    # per upstart convention, options should be set in the upstart job itself.
    # However, to be friendly, source and respect old defaults file.
    [ ! -f /etc/default/xinetd ] || . /etc/default/xinetd

    case "$INETD_COMPAT" in
        [Yy]*)
            XINETD_OPTS="$XINETD_OPTS -inetd_compat"
            if perl -MSocket -e 'exit (!socket($sock, AF_INET6, SOCK_STREAM, 0))'; then
                XINETD_OPTS="$XINETD_OPTS -inetd_ipv6"
            fi
            ;;
    esac

    checkportmap () {
        if grep "^[^ *#]" /etc/xinetd.conf | grep -q 'rpc/'; then
            if ! rpcinfo -u localhost portmapper >/dev/null 2>&1; then
                echo
                echo "WARNING: portmapper inactive - RPC services unavailable!"
                echo " Commenting out or removing the RPC services from"
                echo " the /etc/xinetd.conf file will remove this message."
                echo
            fi
        fi
    }

    checkportmap
    exec /usr/sbin/xinetd -dontfork -pidfile "$PIDFILE" $XINETD_OPTS
end script

pre-stop script
    xinetd_pid=$(status | awk '/stop\/pre-stop/ { print $NF }')
    [ -n "${xinetd_pid}" ] || exit 0
    kill -QUIT "${xinetd_pid}"
end script

debian/xinetd.init0000644000000000000000000000461312232702720011347 0ustar
#!/bin/sh
### BEGIN INIT INFO
# Provides: xinetd inetd
# Required-Start: $local_fs $remote_fs $network
# Required-Stop: $local_fs $remote_fs $network
# Should-Start: $syslog
# Should-Stop: $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Starts or stops the xinetd daemon.
# Description: Starts and stops xinetd, an inetd replacement
### END INIT INFO

# clear poisoned environment
unset TMPDIR

NAME=xinetd
DAEMON=/usr/sbin/$NAME
PIDFILE=/run/$NAME.pid

test -x "$DAEMON" || exit 0

test -e /etc/default/$NAME && . /etc/default/$NAME
case "$INETD_COMPAT" in
    [Yy]*)
        XINETD_OPTS="$XINETD_OPTS -inetd_compat"
        if perl -MSocket -e 'exit (!socket($sock, AF_INET6, SOCK_STREAM, 0))'; then
            XINETD_OPTS="$XINETD_OPTS -inetd_ipv6"
        fi
        ;;
esac

. /lib/lsb/init-functions

checkportmap () {
    if grep "^[^ *#]" /etc/xinetd.conf | grep -q 'rpc/'; then
        if ! rpcinfo -u localhost portmapper >/dev/null 2>&1; then
            echo
            echo "WARNING: portmapper inactive - RPC services unavailable!"
            echo " Commenting out or removing the RPC services from"
            echo " the /etc/xinetd.conf file will remove this message."
            echo
        fi
    fi
}

case "$1" in
    start)
        checkportmap
        log_daemon_msg "Starting internet superserver" "$NAME"
        start-stop-daemon --pidfile "$PIDFILE" --start --quiet --background --exec "$DAEMON" -- \
            -pidfile "$PIDFILE" $XINETD_OPTS
        log_end_msg $?
        ;;
    stop)
        log_daemon_msg "Stopping internet superserver" "$NAME"
        start-stop-daemon --pidfile "$PIDFILE" --stop --signal 3 --quiet --oknodo --exec "$DAEMON"
        log_end_msg $?
        ;;
    reload)
        log_daemon_msg "Reloading internet superserver configuration" "$NAME"
        start-stop-daemon --pidfile "$PIDFILE" --stop --signal 1 --quiet --oknodo --exec "$DAEMON"
        log_end_msg $?
        ;;
    restart|force-reload)
        $0 stop
        $0 start
        ;;
    status)
        status_of_proc -p "$PIDFILE" "$DAEMON"
        R=$?
        if test "$R" = "0" ; then
            kill -10 $(cat "$PIDFILE")
            cat /var/run/xinetd.dump
        fi
        exit $R
        ;;
    *)
        echo "Usage: /etc/init.d/xinetd {start|stop|reload|force-reload|restart|status}"
        exit 1
        ;;
esac

exit 0

debian/watch0000644000000000000000000000006412232702720010214 0ustar
version=3
http://www.xinetd.org/ xinetd-(.+).tar.gz

debian/xinetd.install0000644000000000000000000000010612232702720012043 0ustar
debian/xinetd.conf etc/
debian/xinetd.d etc/

debian/xinetd.conf0000644000000000000000000000044112232702720011324 0ustar
# Simple configuration file for xinetd
#
# Some defaults, and include /etc/xinetd.d/

defaults
{

# Please note that you need a log_type line to be able to use log_on_success
# and log_on_failure. The default is the following :
# log_type = SYSLOG daemon info

}

includedir /etc/xinetd.d