parent
58e9dbb964
commit
11d385badf
@ -0,0 +1 @@
|
|||||||
|
ccbc2676977c31bbd43783abfbf2fdcf tcp_wrappers_7.6-ipv6.4.tar.gz
|
@ -0,0 +1,12 @@
|
|||||||
|
diff -up tcp_wrappers_7.6/inetcf.c.patch16 tcp_wrappers_7.6/inetcf.c
|
||||||
|
--- tcp_wrappers_7.6/inetcf.c.patch16 2008-08-29 09:45:12.000000000 +0200
|
||||||
|
+++ tcp_wrappers_7.6/inetcf.c 2008-08-29 09:45:12.000000000 +0200
|
||||||
|
@@ -61,7 +61,7 @@ char *inet_cfg(conf)
|
||||||
|
char *conf;
|
||||||
|
{
|
||||||
|
char buf[BUFSIZ];
|
||||||
|
- FILE *fp;
|
||||||
|
+ FILE *fp = NULL;
|
||||||
|
char *service;
|
||||||
|
char *protocol;
|
||||||
|
char *user;
|
@ -0,0 +1,13 @@
|
|||||||
|
diff -up tcp_wrappers_7.6/hosts_access.c.patch21 tcp_wrappers_7.6/hosts_access.c
|
||||||
|
--- tcp_wrappers_7.6/hosts_access.c.patch21 2008-08-29 09:45:12.000000000 +0200
|
||||||
|
+++ tcp_wrappers_7.6/hosts_access.c 2008-08-29 09:45:12.000000000 +0200
|
||||||
|
@@ -391,6 +391,9 @@ char *string;
|
||||||
|
return (STR_NE(string, unknown));
|
||||||
|
} else if (tok[(n = strlen(tok)) - 1] == '.') { /* prefix */
|
||||||
|
return (STRN_EQ(tok, string, n));
|
||||||
|
+ } else if ((STR_EQ(tok, "localhost") || STR_EQ(tok, "localhost.localdomain"))
|
||||||
|
+ && (STR_EQ(string, "localhost") || STR_EQ(string, "localhost.localdomain"))) {
|
||||||
|
+ return (YES); /* these localhosts are equivalent */
|
||||||
|
} else { /* exact match */
|
||||||
|
return (STR_EQ(tok, string));
|
||||||
|
}
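Review bot: The new `localhost` branch makes every rule written for one spelling also accept the other, and neither the hunk nor hosts_access(5) tells the administrator so. The compared `string` is whatever name the caller hands in, so the alias is only as trustworthy as the name lookup behind it. The enclosing function starts outside the hunk, and if it is also used for daemon or user tokens the alias applies there as well. I would document it at the branch, e.g. `/* "localhost" and "localhost.localdomain" are aliases; assumes the client name was verified against its address */`, and add a matching sentence to the manual page.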
|
@ -0,0 +1,88 @@
|
|||||||
|
diff -up tcp_wrappers_7.6/hosts_ctl.c.patch17 tcp_wrappers_7.6/hosts_ctl.c
|
||||||
|
--- tcp_wrappers_7.6/hosts_ctl.c.patch17 1994-12-28 17:42:28.000000000 +0100
|
||||||
|
+++ tcp_wrappers_7.6/hosts_ctl.c 2008-08-29 09:45:12.000000000 +0200
|
||||||
|
@@ -29,10 +29,12 @@ char *user;
|
||||||
|
{
|
||||||
|
struct request_info request;
|
||||||
|
|
||||||
|
- return (hosts_access(request_init(&request,
|
||||||
|
- RQ_DAEMON, daemon,
|
||||||
|
- RQ_CLIENT_NAME, name,
|
||||||
|
- RQ_CLIENT_ADDR, addr,
|
||||||
|
- RQ_USER, user,
|
||||||
|
- 0)));
|
||||||
|
+ request_init(&request, RQ_DAEMON, daemon,
|
||||||
|
+ RQ_CLIENT_NAME, name,
|
||||||
|
+ RQ_CLIENT_ADDR, addr,
|
||||||
|
+ RQ_USER, user,
|
||||||
|
+ 0);
|
||||||
|
+ sock_hostnofd(&request);
|
||||||
|
+
|
||||||
|
+ return (hosts_access(&request));
|
||||||
|
}
|
||||||
|
diff -up tcp_wrappers_7.6/socket.c.patch17 tcp_wrappers_7.6/socket.c
|
||||||
|
--- tcp_wrappers_7.6/socket.c.patch17 2008-08-29 09:45:12.000000000 +0200
|
||||||
|
+++ tcp_wrappers_7.6/socket.c 2008-08-29 09:45:12.000000000 +0200
|
||||||
|
@@ -130,6 +130,51 @@ struct request_info *request;
|
||||||
|
request->server->sin = &server;
|
||||||
|
}
|
||||||
|
|
||||||
|
+/* sock_hostnofd - look up endpoint addresses and install conversion methods */
|
||||||
|
+
|
||||||
|
+void sock_hostnofd(request)
|
||||||
|
+struct request_info *request;
|
||||||
|
+{
|
||||||
|
+ static struct sockaddr_storage client;
|
||||||
|
+ struct addrinfo hints, *res;
|
||||||
|
+ int ret;
|
||||||
|
+ char *host;
|
||||||
|
+
|
||||||
|
+ /* If the address field is non-empty and non-unknown and if the hostname
|
||||||
|
+ * field is empty or unknown, use the address field to get the sockaddr
|
||||||
|
+ * and hostname. */
|
||||||
|
+ if (strlen(request->client->addr) &&
|
||||||
|
+ HOSTNAME_KNOWN(request->client->addr) &&
|
||||||
|
+ (!strlen(request->client->name) ||
|
||||||
|
+ !HOSTNAME_KNOWN(request->client->name)))
|
||||||
|
+ host = request->client->addr;
|
||||||
|
+ else
|
||||||
|
+ return;
|
||||||
|
+
|
||||||
|
+ memset(&hints, 0, sizeof(hints));
|
||||||
|
+ hints.ai_family = AF_INET6;
|
||||||
|
+ hints.ai_socktype = SOCK_STREAM;
|
||||||
|
+ hints.ai_flags = AI_PASSIVE | AI_NUMERICHOST;
|
||||||
|
+
|
||||||
|
+ ret = getaddrinfo(host, NULL, &hints, &res);
|
||||||
|
+ if (ret != 0) {
|
||||||
|
+ hints.ai_family = AF_INET;
|
||||||
|
+ ret = getaddrinfo(host, NULL, &hints, &res);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (ret != 0) {
|
||||||
|
+ tcpd_warn("can't resolve hostname (%s): %s", host, gai_strerror(ret));
|
||||||
|
+ } else {
|
||||||
|
+ sock_methods(request);
|
||||||
|
+
|
||||||
|
+ memcpy(&client, res->ai_addr, res->ai_addrlen);
|
||||||
|
+ request->client->sin = (struct sockaddr *)&client;
|
||||||
|
+ freeaddrinfo(res);
|
||||||
|
+
|
||||||
|
+ request->client->name[0] = 0;
|
||||||
|
+ }
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
/* sock_hostaddr - map endpoint address to printable form */
|
||||||
|
|
||||||
|
void sock_hostaddr(host)
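Review bot: `sock_hostnofd()` copies the looked-up address into a function-local `static struct sockaddr_storage client` and leaves `request->client->sin` pointing at it, so each later call overwrites the address an earlier request still refers to. Since the hosts_ctl.c hunk calls it from `hosts_ctl()`, a threaded or re-entrant caller would race on that buffer; the storage belongs with the request or the caller. `AI_PASSIVE` has no effect when a host string is passed, and the two-pass `AF_INET6`/`AF_INET` lookup can be one call with `hints.ai_family = AF_UNSPEC;`, because `AI_NUMERICHOST` already rules out a DNS query. The warning text says "can't resolve hostname" although `host` is the numeric address field.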
|
||||||
|
diff -up tcp_wrappers_7.6/tcpd.h.patch17 tcp_wrappers_7.6/tcpd.h
|
||||||
|
--- tcp_wrappers_7.6/tcpd.h.patch17 2008-08-29 09:45:12.000000000 +0200
|
||||||
|
+++ tcp_wrappers_7.6/tcpd.h 2008-08-29 09:45:12.000000000 +0200
|
||||||
|
@@ -167,6 +167,7 @@ extern char *eval_server __P((struct req
|
||||||
|
|
||||||
|
/* look up endpoint addresses */
|
||||||
|
extern void sock_host __P((struct request_info *));
|
||||||
|
+extern void sock_hostnofd __P((struct request_info *));
|
||||||
|
/* translate address to hostname */
|
||||||
|
extern void sock_hostname __P((struct host_info *));
|
||||||
|
/* address to printable address */
|
@ -0,0 +1,158 @@
|
|||||||
|
diff --git a/hosts_access.c b/hosts_access.c
|
||||||
|
index dfff943..13ad9f9 100644
|
||||||
|
--- a/hosts_access.c
|
||||||
|
+++ b/hosts_access.c
|
||||||
|
@@ -78,6 +78,9 @@ int hosts_access_verbose = 0;
|
||||||
|
*/
|
||||||
|
|
||||||
|
int resident = (-1); /* -1, 0: unknown; +1: yes */
|
||||||
|
+#ifdef ACLEXEC
|
||||||
|
+int aclexec_matched = 0;
|
||||||
|
+#endif
|
||||||
|
|
||||||
|
/* Forward declarations. */
|
||||||
|
|
||||||
|
@@ -179,6 +182,12 @@ struct request_info *request;
|
||||||
|
if (sh_cmd) {
|
||||||
|
#ifdef PROCESS_OPTIONS
|
||||||
|
process_options(sh_cmd, request);
|
||||||
|
+# ifdef ACLEXEC
|
||||||
|
+ if (aclexec_matched) {
|
||||||
|
+ syslog(LOG_INFO, "aclexec returned %d", aclexec_matched);
|
||||||
|
+ match = NO;
|
||||||
|
+ }
|
||||||
|
+# endif
|
||||||
|
#else
|
||||||
|
char cmd[BUFSIZ];
|
||||||
|
shell_cmd(percent_x(cmd, sizeof(cmd), sh_cmd, request));
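Review bot: Nothing visible in this hunk resets `aclexec_matched` before `process_options()` runs, so a non-zero value left by an earlier rule is still there when a later rule without `aclexec` reaches this test, and its match is turned into `NO`. If the same code path evaluates the deny table (the function begins and ends outside the hunk), a stale flag would cancel a matching deny rule, and in a long-running process it would persist across requests. Clearing it first, `aclexec_matched = 0;` directly above `process_options(sh_cmd, request);` inside the `ACLEXEC` guard, makes the test depend only on the rule being processed.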
|
||||||
|
diff --git a/hosts_options.5 b/hosts_options.5
|
||||||
|
index 3bd189e..39c7fdd 100644
|
||||||
|
--- a/hosts_options.5
|
||||||
|
+++ b/hosts_options.5
|
||||||
|
@@ -54,6 +54,23 @@ ALL: ALL: ALLOW
|
||||||
|
.sp
|
||||||
|
Notice the leading dot on the domain name patterns.
|
||||||
|
.SH RUNNING OTHER COMMANDS
|
||||||
|
+.IP "aclexec shell_command"
|
||||||
|
+Execute, in a child process, the specified shell command, after
|
||||||
|
+performing the %<letter> expansions described in the hosts_access(5)
|
||||||
|
+manual page. The command is executed with stdin, stdout and stderr
|
||||||
|
+connected to the null device, so that it won't mess up the
|
||||||
|
+conversation with the client host. Example:
|
||||||
|
+.sp
|
||||||
|
+.nf
|
||||||
|
+.ti +3
|
||||||
|
+smtp : ALL : aclexec checkdnsbl %a
|
||||||
|
+.fi
|
||||||
|
+.sp
|
||||||
|
+executes, in a background child process, the shell command "checkdnsbl %a"
|
||||||
|
+after replacing %a by the address of the remote host.
|
||||||
|
+.sp
|
||||||
|
+The connection will be allowed or refused depending on whether the
|
||||||
|
+command returns a true or false exit status.
|
||||||
|
.IP "spawn shell_command"
|
||||||
|
Execute, in a child process, the specified shell command, after
|
||||||
|
performing the %<letter> expansions described in the hosts_access(5)
|
||||||
|
diff --git a/options.c b/options.c
|
||||||
|
index 675c9b4..b01db51 100644
|
||||||
|
--- a/options.c
|
||||||
|
+++ b/options.c
|
||||||
|
@@ -49,6 +49,7 @@ static char sccsid[] = "@(#) options.c 1.17 96/02/11 17:01:31";
|
||||||
|
#include <setjmp.h>
|
||||||
|
#include <string.h>
|
||||||
|
#include <unistd.h>
|
||||||
|
+#include <sys/wait.h>
|
||||||
|
|
||||||
|
#ifndef MAXPATHNAMELEN
|
||||||
|
#define MAXPATHNAMELEN BUFSIZ
|
||||||
|
@@ -78,6 +79,7 @@ static void group_option(); /* execute "group name" option */
|
||||||
|
static void umask_option(); /* execute "umask mask" option */
|
||||||
|
static void linger_option(); /* execute "linger time" option */
|
||||||
|
static void keepalive_option(); /* execute "keepalive" option */
|
||||||
|
+static void aclexec_option(); /* execute "aclexec command" option */
|
||||||
|
static void spawn_option(); /* execute "spawn command" option */
|
||||||
|
static void twist_option(); /* execute "twist command" option */
|
||||||
|
static void rfc931_option(); /* execute "rfc931" option */
|
||||||
|
@@ -115,6 +117,9 @@ static struct option option_table[] = {
|
||||||
|
{ "umask", umask_option, NEED_ARG },
|
||||||
|
{ "linger", linger_option, NEED_ARG },
|
||||||
|
{ "keepalive", keepalive_option, 0 },
|
||||||
|
+#ifdef ACLEXEC
|
||||||
|
+ { "aclexec", aclexec_option, NEED_ARG | EXPAND_ARG },
|
||||||
|
+#endif
|
||||||
|
{ "spawn", spawn_option, NEED_ARG | EXPAND_ARG },
|
||||||
|
{ "twist", twist_option, NEED_ARG | EXPAND_ARG | USE_LAST },
|
||||||
|
{ "rfc931", rfc931_option, OPT_ARG },
|
||||||
|
@@ -327,6 +332,54 @@ struct request_info *request;
|
||||||
|
shell_cmd(value);
|
||||||
|
}
|
||||||
|
|
||||||
|
+#ifdef ACLEXEC
|
||||||
|
+/* aclexec_option - spawn a shell command and check status */
|
||||||
|
+
|
||||||
|
+/* ARGSUSED */
|
||||||
|
+
|
||||||
|
+static void aclexec_option(value, request)
|
||||||
|
+char *value;
|
||||||
|
+struct request_info *request;
|
||||||
|
+{
|
||||||
|
+ int status, child_pid, wait_pid;
|
||||||
|
+ extern int aclexec_matched;
|
||||||
|
+
|
||||||
|
+ if (dry_run != 0)
|
||||||
|
+ return;
|
||||||
|
+
|
||||||
|
+ child_pid = fork();
|
||||||
|
+
|
||||||
|
+ /* Something went wrong: we MUST terminate the process. */
|
||||||
|
+ if (child_pid < 0) {
|
||||||
|
+ tcpd_warn("aclexec_option: /bin/sh: %m");
|
||||||
|
+ clean_exit(request);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (child_pid == 0) {
|
||||||
|
+ execl("/bin/sh", "sh", "-c", value, (char *) 0);
|
||||||
|
+
|
||||||
|
+ /* Something went wrong. We MUST terminate the child process. */
|
||||||
|
+ tcpd_warn("execl /bin/sh: %m");
|
||||||
|
+ _exit(0);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ while ((wait_pid = wait(&status)) != -1 && wait_pid != child_pid)
|
||||||
|
+ /* void */ ;
|
||||||
|
+
|
||||||
|
+ aclexec_matched = 1;
|
||||||
|
+
|
||||||
|
+ if (WIFEXITED(status) && WEXITSTATUS(status) == 0) {
|
||||||
|
+ aclexec_matched = 0;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (WIFSIGNALED(status))
|
||||||
|
+ tcpd_warn("process %d exited with signal %d", child_pid,
|
||||||
|
+ WTERMSIG(status));
|
||||||
|
+
|
||||||
|
+ return;
|
||||||
|
+}
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
/* linger_option - set the socket linger time (Marc Boucher <marc@cam.org>) */
|
||||||
|
|
||||||
|
/* ARGSUSED */
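Review bot: The child branch of `aclexec_option()` ends in `_exit(0)` when `execl()` fails, which the parent reads as a passed check and therefore allows the connection; it should be a non-zero status, `_exit(127);`. The same fail-open exists when `wait()` returns -1 before the child is reaped: `status` is never written, yet `WIFEXITED(status)` is evaluated and may clear `aclexec_matched`. Adding `if (wait_pid == -1) return;` right after `aclexec_matched = 1;` makes an unreaped child count as a refusal. The added hosts_options.5 text also describes a "background child process" although this code blocks until the command exits.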
|
||||||
|
diff --git a/tcpdchk.c b/tcpdchk.c
|
||||||
|
index e67ffb0..8c74df8 100644
|
||||||
|
--- a/tcpdchk.c
|
||||||
|
+++ b/tcpdchk.c
|
||||||
|
@@ -59,10 +59,6 @@ static char sep[] = ", \t\n";
|
||||||
|
|
||||||
|
#define BUFLEN 2048
|
||||||
|
|
||||||
|
-int resident = 0;
|
||||||
|
-int hosts_access_verbose = 0;
|
||||||
|
-char *hosts_allow_table = HOSTS_ALLOW;
|
||||||
|
-char *hosts_deny_table = HOSTS_DENY;
|
||||||
|
extern jmp_buf tcpd_buf;
|
||||||
|
|
||||||
|
/*
|
||||||
|
--
|
||||||
|
2.1.0
|
||||||
|
|
@ -0,0 +1,33 @@
|
|||||||
|
diff -up tcp_wrappers_7.6-ipv6.4/hosts_access.c.altformat tcp_wrappers_7.6-ipv6.4/hosts_access.c
|
||||||
|
--- tcp_wrappers_7.6-ipv6.4/hosts_access.c.altformat 2013-08-15 18:46:30.398827866 +0200
|
||||||
|
+++ tcp_wrappers_7.6-ipv6.4/hosts_access.c 2013-08-15 18:50:03.099748732 +0200
|
||||||
|
@@ -326,11 +326,15 @@ struct host_info *host;
|
||||||
|
if (cbr = strchr(tok, ']'))
|
||||||
|
*cbr = '\0';
|
||||||
|
|
||||||
|
+ if (cbr == NULL) {
|
||||||
|
+ tcpd_warn("bad IP6 address specification");
|
||||||
|
+ return (NO);
|
||||||
|
+ }
|
||||||
|
/*
|
||||||
|
* A /nnn prefix specifies how many bits of the address we
|
||||||
|
* need to check.
|
||||||
|
*/
|
||||||
|
- if (slash = strchr(tok, '/')) {
|
||||||
|
+ if ((slash = strchr(tok, '/')) || (slash = strchr(cbr+1, '/'))) {
|
||||||
|
*slash = '\0';
|
||||||
|
mask = atoi(slash+1);
|
||||||
|
if (mask < 0 || mask > IPV6_ABITS) {
|
||||||
|
diff -up tcp_wrappers_7.6-ipv6.4/tcpdchk.c.altformat tcp_wrappers_7.6-ipv6.4/tcpdchk.c
|
||||||
|
--- tcp_wrappers_7.6-ipv6.4/tcpdchk.c.altformat 1999-10-28 08:38:06.000000000 +0200
|
||||||
|
+++ tcp_wrappers_7.6-ipv6.4/tcpdchk.c 2013-08-15 18:46:30.399827870 +0200
|
||||||
|
@@ -430,6 +430,9 @@ char *pat;
|
||||||
|
int err = 0;
|
||||||
|
int mask = IPV6_ABITS;
|
||||||
|
|
||||||
|
+ if (!slash)
|
||||||
|
+ slash = strchr(cbr+1, '/');
|
||||||
|
+
|
||||||
|
if (slash != NULL) {
|
||||||
|
*slash = '\0';
|
||||||
|
mask = atoi(slash + 1);
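Review bot: `strchr(cbr+1, '/')` is reached here with no visible check that `cbr` is non-NULL, whereas the hosts_access.c hunk of the same patch adds exactly that check before it uses `cbr+1`. The function begins outside the hunk, so an earlier guard may exist; if it does not, a pattern with an opening bracket and no `]` makes tcpdchk compute and read through NULL+1. I would write `if (!slash && cbr != NULL) slash = strchr(cbr + 1, '/');`.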
|
@ -0,0 +1,37 @@
|
|||||||
|
diff -up tcp_wrappers_7.6/eval.c.patch4 tcp_wrappers_7.6/eval.c
|
||||||
|
--- tcp_wrappers_7.6/eval.c.patch4 1995-01-30 19:51:46.000000000 +0100
|
||||||
|
+++ tcp_wrappers_7.6/eval.c 2008-08-29 09:45:12.000000000 +0200
|
||||||
|
@@ -111,7 +111,7 @@ struct request_info *request;
|
||||||
|
return (hostinfo);
|
||||||
|
#endif
|
||||||
|
if (STR_NE(eval_user(request), unknown)) {
|
||||||
|
- sprintf(both, "%s@%s", request->user, hostinfo);
|
||||||
|
+ snprintf(both, sizeof(both), "%s@%s", request->user, hostinfo);
|
||||||
|
return (both);
|
||||||
|
} else {
|
||||||
|
return (hostinfo);
|
||||||
|
@@ -128,7 +128,7 @@ struct request_info *request;
|
||||||
|
char *daemon = eval_daemon(request);
|
||||||
|
|
||||||
|
if (STR_NE(host, unknown)) {
|
||||||
|
- sprintf(both, "%s@%s", daemon, host);
|
||||||
|
+ snprintf(both, sizeof(both), "%s@%s", daemon, host);
|
||||||
|
return (both);
|
||||||
|
} else {
|
||||||
|
return (daemon);
|
||||||
|
diff -up tcp_wrappers_7.6/tcpd.c.patch4 tcp_wrappers_7.6/tcpd.c
|
||||||
|
--- tcp_wrappers_7.6/tcpd.c.patch4 1996-02-11 17:01:33.000000000 +0100
|
||||||
|
+++ tcp_wrappers_7.6/tcpd.c 2008-08-29 09:45:12.000000000 +0200
|
||||||
|
@@ -60,10 +60,10 @@ char **argv;
|
||||||
|
*/
|
||||||
|
|
||||||
|
if (argv[0][0] == '/') {
|
||||||
|
- strcpy(path, argv[0]);
|
||||||
|
+ strncpy(path, argv[0], sizeof(path));
|
||||||
|
argv[0] = strrchr(argv[0], '/') + 1;
|
||||||
|
} else {
|
||||||
|
- sprintf(path, "%s/%s", REAL_DAEMON_DIR, argv[0]);
|
||||||
|
+ snprintf(path, sizeof(path), "%s/%s", REAL_DAEMON_DIR, argv[0]);
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
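Review bot: `strncpy(path, argv[0], sizeof(path))` leaves `path` without a terminating NUL whenever `argv[0]` is at least `sizeof(path)` bytes long, so the overrun is only moved to whatever reads `path` next. Use `snprintf(path, sizeof(path), "%s", argv[0]);`, as the `else` branch already does. If `path` is what gets executed later (that code is outside the hunk), silent truncation in either branch could select a different file than intended. Comparing the `snprintf()` return value with `sizeof(path)` and refusing on overflow is safer than running a shortened path.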
|
@ -0,0 +1,56 @@
|
|||||||
|
diff -up tcp_wrappers_7.6/hosts_access.5.patch5 tcp_wrappers_7.6/hosts_access.5
|
||||||
|
--- tcp_wrappers_7.6/hosts_access.5.patch5 1995-01-30 19:51:47.000000000 +0100
|
||||||
|
+++ tcp_wrappers_7.6/hosts_access.5 2008-08-29 09:45:12.000000000 +0200
|
||||||
|
@@ -89,6 +89,13 @@ An expression of the form `n.n.n.n/m.m.m
|
||||||
|
bitwise AND of the address and the `mask\'. For example, the net/mask
|
||||||
|
pattern `131.155.72.0/255.255.254.0\' matches every address in the
|
||||||
|
range `131.155.72.0\' through `131.155.73.255\'.
|
||||||
|
+.IP \(bu
|
||||||
|
+A string that begins with a `/\' character is treated as a file
|
||||||
|
+name. A host name or address is matched if it matches any host name
|
||||||
|
+or address pattern listed in the named file. The file format is
|
||||||
|
+zero or more lines with zero or more host name or address patterns
|
||||||
|
+separated by whitespace. A file name pattern can be used anywhere
|
||||||
|
+a host name or address pattern can be used.
|
||||||
|
.SH WILDCARDS
|
||||||
|
The access control language supports explicit wildcards:
|
||||||
|
.IP ALL
|
||||||
|
diff -up tcp_wrappers_7.6/hosts_access.c.patch5 tcp_wrappers_7.6/hosts_access.c
|
||||||
|
--- tcp_wrappers_7.6/hosts_access.c.patch5 1997-02-12 02:13:23.000000000 +0100
|
||||||
|
+++ tcp_wrappers_7.6/hosts_access.c 2008-08-29 09:45:12.000000000 +0200
|
||||||
|
@@ -240,6 +240,26 @@ struct request_info *request;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
+/* hostfile_match - look up host patterns from file */
|
||||||
|
+
|
||||||
|
+static int hostfile_match(path, host)
|
||||||
|
+char *path;
|
||||||
|
+struct hosts_info *host;
|
||||||
|
+{
|
||||||
|
+ char tok[BUFSIZ];
|
||||||
|
+ int match = NO;
|
||||||
|
+ FILE *fp;
|
||||||
|
+
|
||||||
|
+ if ((fp = fopen(path, "r")) != 0) {
|
||||||
|
+ while (fscanf(fp, "%s", tok) == 1 && !(match = host_match(tok, host)))
|
||||||
|
+ /* void */ ;
|
||||||
|
+ fclose(fp);
|
||||||
|
+ } else if (errno != ENOENT) {
|
||||||
|
+ tcpd_warn("open %s: %m", path);
|
||||||
|
+ }
|
||||||
|
+ return (match);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
/* host_match - match host name and/or address against pattern */
|
||||||
|
|
||||||
|
static int host_match(tok, host)
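Review bot: `fscanf(fp, "%s", tok)` in `hostfile_match()` has no field width, so any whitespace-free run longer than `BUFSIZ - 1` bytes in the pattern file writes past `tok` on the stack. Give the buffer a fixed size and bound the conversion, e.g. `char tok[512];` with `fscanf(fp, "%511s", tok)`, or read lines with `fgets()` and split them. Two smaller points: the parameter is declared `struct hosts_info *host` while `host_match()` takes `struct host_info *`, and a file that names itself recurses through `host_match()` with no depth limit. A missing file is skipped without a warning, which for a deny rule means the pattern silently never matches.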
|
||||||
|
@@ -267,6 +287,8 @@ struct host_info *host;
|
||||||
|
tcpd_warn("netgroup support is disabled"); /* not tcpd_jump() */
|
||||||
|
return (NO);
|
||||||
|
#endif
|
||||||
|
+ } else if (tok[0] == '/') { /* /file hack */
|
||||||
|
+ return (hostfile_match(tok, host));
|
||||||
|
} else if (STR_EQ(tok, "KNOWN")) { /* check address and name */
|
||||||
|
char *name = eval_hostname(host);
|
||||||
|
return (STR_NE(eval_hostaddr(host), unknown) && HOSTNAME_KNOWN(name));
|
@ -0,0 +1,102 @@
|
|||||||
|
--- tcp_wrappers_7.6/hosts_access.5.patch6 2013-01-23 11:10:00.545081410 +0100
|
||||||
|
+++ tcp_wrappers_7.6/hosts_access.5 2013-01-23 11:10:00.549081436 +0100
|
||||||
|
@@ -96,6 +96,10 @@ or address pattern listed in the named f
|
||||||
|
zero or more lines with zero or more host name or address patterns
|
||||||
|
separated by whitespace. A file name pattern can be used anywhere
|
||||||
|
a host name or address pattern can be used.
|
||||||
|
+.IP \(bu
|
||||||
|
+Wildcards `*\' and `?\' can be used to match hostnames or IP addresses. This
|
||||||
|
+method of matching cannot be used in conjunction with `net/mask\' matching,
|
||||||
|
+hostname matching beginning with `.\' or IP address matching ending with `.\'.
|
||||||
|
.SH WILDCARDS
|
||||||
|
The access control language supports explicit wildcards:
|
||||||
|
.IP ALL
|
||||||
|
--- tcp_wrappers_7.6/hosts_access.c.patch6 2013-01-23 11:10:00.546081416 +0100
|
||||||
|
+++ tcp_wrappers_7.6/hosts_access.c 2013-01-23 11:12:28.519925230 +0100
|
||||||
|
@@ -376,6 +376,11 @@ char *string;
|
||||||
|
{
|
||||||
|
int n;
|
||||||
|
|
||||||
|
+#ifndef DISABLE_WILDCARD_MATCHING
|
||||||
|
+ if (strchr(tok, '*') || strchr(tok,'?')) { /* contains '*' or '?' */
|
||||||
|
+ return (match_pattern_ylo(string,tok));
|
||||||
|
+ } else
|
||||||
|
+#endif
|
||||||
|
if (tok[0] == '.') { /* suffix */
|
||||||
|
n = strlen(string) - strlen(tok);
|
||||||
|
return (n > 0 && STR_EQ(tok, string + n));
|
||||||
|
@@ -417,6 +422,74 @@ char *string;
|
||||||
|
return ((addr & mask) == net);
|
||||||
|
}
|
||||||
|
|
||||||
|
+#ifndef DISABLE_WILDCARD_MATCHING
|
||||||
|
+/* Note: this feature has been adapted in a pretty straightforward way
|
||||||
|
+ from Tatu Ylonen's last SSH version under free license by
|
||||||
|
+ Pekka Savola <pekkas@netcore.fi>.
|
||||||
|
+
|
||||||
|
+ Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||||
|
+*/
|
||||||
|
+
|
||||||
|
+/* Returns true if the given string matches the pattern (which may contain
|
||||||
|
+ ? and * as wildcards), and zero if it does not match. */
|
||||||
|
+
|
||||||
|
+int match_pattern_ylo(const char *s, const char *pattern)
|
||||||
|
+{
|
||||||
|
+ while (1)
|
||||||
|
+ {
|
||||||
|
+ /* If at end of pattern, accept if also at end of string. */
|
||||||
|
+ if (!*pattern)
|
||||||
|
+ return !*s;
|
||||||
|
+
|
||||||
|
+ /* Process '*'. */
|
||||||
|
+ if (*pattern == '*')
|
||||||
|
+ {
|
||||||
|
+ /* Skip the asterisk. */
|
||||||
|
+ pattern++;
|
||||||
|
+
|
||||||
|
+ /* If at end of pattern, accept immediately. */
|
||||||
|
+ if (!*pattern)
|
||||||
|
+ return 1;
|
||||||
|
+
|
||||||
|
+ /* If next character in pattern is known, optimize. */
|
||||||
|
+ if (*pattern != '?' && *pattern != '*')
|
||||||
|
+ {
|
||||||
|
+ /* Look instances of the next character in pattern, and try
|
||||||
|
+ to match starting from those. */
|
||||||
|
+ for (; *s; s++)
|
||||||
|
+ if (*s == *pattern &&
|
||||||
|
+ match_pattern_ylo(s + 1, pattern + 1))
|
||||||
|
+ return 1;
|
||||||
|
+ /* Failed. */
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ /* Move ahead one character at a time and try to match at each
|
||||||
|
+ position. */
|
||||||
|
+ for (; *s; s++)
|
||||||
|
+ if (match_pattern_ylo(s, pattern))
|
||||||
|
+ return 1;
|
||||||
|
+ /* Failed. */
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ /* There must be at least one more character in the string. If we are
|
||||||
|
+ at the end, fail. */
|
||||||
|
+ if (!*s)
|
||||||
|
+ return 0;
|
||||||
|
+
|
||||||
|
+ /* Check if the next character of the string is acceptable. */
|
||||||
|
+ if (*pattern != '?' && *pattern != *s)
|
||||||
|
+ return 0;
|
||||||
|
+
|
||||||
|
+ /* Move to the next character, both in string and in pattern. */
|
||||||
|
+ s++;
|
||||||
|
+ pattern++;
|
||||||
|
+ }
|
||||||
|
+ /*NOTREACHED*/
|
||||||
|
+}
|
||||||
|
+#endif /* DISABLE_WILDCARD_MATCHING */
|
||||||
|
+
|
||||||
|
#ifdef HAVE_IPV6
|
||||||
|
/*
|
||||||
|
* Function that zeros all but the first "maskbits" bits of the IPV6 address
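Review bot: `match_pattern_ylo()` compares characters with `*pattern != *s`, i.e. case-sensitively, while the other branches of its caller go through `STR_EQ`/`STRN_EQ`. If those macros are case-insensitive (their definitions are not on this page), a wildcard rule will not match a client name reported in a different case, which matters most for deny rules. Folding both sides, e.g. `tolower((unsigned char)*pattern) != tolower((unsigned char)*s)` (needs `<ctype.h>`), keeps wildcard and literal matching consistent. The function is also called in the first hunk before any declaration is visible, so a prototype next to the file's forward declarations would avoid an implicit declaration. Because each `*` recurses over the rest of the string, matching cost grows quickly with the number of asterisks, which deserves a sentence in hosts_access(5).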
|
@ -0,0 +1,69 @@
|
|||||||
|
--- tcp_wrappers_7.6/hosts_access.5.orig 2011-04-20 16:10:25.000000000 -0600
|
||||||
|
+++ tcp_wrappers_7.6/hosts_access.5 2011-04-20 16:29:50.000000000 -0600
|
||||||
|
@@ -90,6 +90,9 @@ bitwise AND of the address and the `mask
|
||||||
|
pattern `131.155.72.0/255.255.254.0\' matches every address in the
|
||||||
|
range `131.155.72.0\' through `131.155.73.255\'.
|
||||||
|
.IP \(bu
|
||||||
|
+An expression of the form `n.n.n.n/m\' is interpreted as a
|
||||||
|
+`net/prefixlen\' pair, as below, for IPv4 addresses.
|
||||||
|
+.IP \(bu
|
||||||
|
An expression of the form `[n:n:n:n:n:n:n:n/m]\' is interpreted as a
|
||||||
|
`[net/prefixlen]\' pair. An IPv6 host address is matched if
|
||||||
|
`prefixlen\' bits of `net\' is equal to the `prefixlen\' bits of the
|
||||||
|
--- tcp_wrappers_7.6/tcpd.h.orig 2011-04-20 16:10:25.000000000 -0600
|
||||||
|
+++ tcp_wrappers_7.6/tcpd.h 2011-04-20 16:11:56.000000000 -0600
|
||||||
|
@@ -164,6 +164,7 @@ extern void refuse __P((struct request_i
|
||||||
|
extern char *xgets __P((char *, int, FILE *)); /* fgets() on steroids */
|
||||||
|
extern char *split_at __P((char *, int)); /* strchr() and split */
|
||||||
|
extern unsigned long dot_quad_addr __P((char *)); /* restricted inet_addr() */
|
||||||
|
+extern unsigned long prefix_to_netmask __P((char *)); /* 0-32 prefix length */
|
||||||
|
extern int numeric_addr __P((char *, union gen_addr *, int *, int *)); /* IP4/IP6 inet_addr (restricted) */
|
||||||
|
extern struct hostent *tcpd_gethostbyname __P((char *, int));
|
||||||
|
/* IP4/IP6 gethostbyname */
|
||||||
|
--- tcp_wrappers_7.6/misc.c.orig 2011-04-20 16:10:25.000000000 -0600
|
||||||
|
+++ tcp_wrappers_7.6/misc.c 2011-04-20 16:13:39.000000000 -0600
|
||||||
|
@@ -16,6 +16,7 @@ static char sccsic[] = "@(#) misc.c 1.2
|
||||||
|
#include <string.h>
|
||||||
|
#include <ctype.h>
|
||||||
|
#include <netdb.h>
|
||||||
|
+#include <stdlib.h>
|
||||||
|
|
||||||
|
#include "tcpd.h"
|
||||||
|
|
||||||
|
@@ -214,3 +215,21 @@ char *str;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#endif /* HAVE_IPV6 */
|
||||||
|
+
|
||||||
|
+/* prefix_to_netmask - convert prefix (0-32) to netmask */
|
||||||
|
+
|
||||||
|
+unsigned long prefix_to_netmask(str)
|
||||||
|
+char *str;
|
||||||
|
+{
|
||||||
|
+ unsigned long prefix;
|
||||||
|
+ char *endptr;
|
||||||
|
+
|
||||||
|
+ if (!isdigit(str[0]))
|
||||||
|
+ return INADDR_NONE;
|
||||||
|
+
|
||||||
|
+ prefix = strtoul(str, &endptr, 10);
|
||||||
|
+ if ((endptr == str) || (*endptr != '\0') || (prefix > 32))
|
||||||
|
+ return INADDR_NONE;
|
||||||
|
+
|
||||||
|
+ return htonl(~0UL << (32 - prefix));
|
||||||
|
+}
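Review bot: In `prefix_to_netmask()` a prefix of 0 turns `~0UL << (32 - prefix)` into a shift by 32, which is undefined where `unsigned long` is 32 bits wide, so `/0` only works by accident of a 64-bit `long`. Handle it explicitly and keep the operand to 32 bits: `return prefix ? htonl(0xffffffffUL << (32 - prefix)) : 0;`. `isdigit(str[0])` should be `isdigit((unsigned char)str[0])`, since a negative `char` value is undefined for the ctype functions. A comment stating that a prefix of 32 yields a value equal to `INADDR_NONE`, which the caller disambiguates by comparing the token with "32", would also help; as written a token such as `032` is reported as a bad mask.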
|
||||||
|
--- tcp_wrappers_7.6/hosts_access.c.orig 2011-04-20 16:10:25.000000000 -0600
|
||||||
|
+++ tcp_wrappers_7.6/hosts_access.c 2011-04-20 16:21:07.000000000 -0600
|
||||||
|
@@ -420,8 +420,11 @@ char *string;
|
||||||
|
return (NO);
|
||||||
|
if ((net = dot_quad_addr(net_tok)) == INADDR_NONE
|
||||||
|
|| ((mask = dot_quad_addr(mask_tok)) == INADDR_NONE
|
||||||
|
- && strcmp(mask_tok, "255.255.255.255"))) {
|
||||||
|
+ && strcmp(mask_tok, "255.255.255.255")
|
||||||
|
+ && (mask = prefix_to_netmask(mask_tok)) == INADDR_NONE
|
||||||
|
+ && strcmp(mask_tok, "32"))) {
|
||||||
|
/* 255.255.255.255 == INADDR_NONE, separate check needed. TJ. */
|
||||||
|
+ /* 32 == INADDR_NONE, separate check needed. philipp */
|
||||||
|
tcpd_warn("bad net/mask expression: %s/%s", net_tok, mask_tok);
|
||||||
|
return (NO); /* not tcpd_jump() */
|
||||||
|
}
|
@ -0,0 +1,12 @@
|
|||||||
|
diff -up tcp_wrappers_7.6/hosts_access.5.patch8 tcp_wrappers_7.6/hosts_access.5
|
||||||
|
--- tcp_wrappers_7.6/hosts_access.5.patch8 2008-08-29 09:45:12.000000000 +0200
|
||||||
|
+++ tcp_wrappers_7.6/hosts_access.5 2008-08-29 09:45:12.000000000 +0200
|
||||||
|
@@ -333,7 +333,7 @@ in.tftpd: LOCAL, .my.domain
|
||||||
|
/etc/hosts.deny:
|
||||||
|
.in +3
|
||||||
|
.nf
|
||||||
|
-in.tftpd: ALL: (/some/where/safe_finger -l @%h | \\
|
||||||
|
+in.tftpd: ALL: spawn (/some/where/safe_finger -l @%h | \\
|
||||||
|
/usr/ucb/mail -s %d-%h root) &
|
||||||
|
.fi
|
||||||
|
.PP
|
@ -0,0 +1,21 @@
|
|||||||
|
diff -up tcp_wrappers_7.6/hosts_access.c.patch15 tcp_wrappers_7.6/hosts_access.c
|
||||||
|
--- tcp_wrappers_7.6/hosts_access.c.patch15 2008-08-29 09:45:12.000000000 +0200
|
||||||
|
+++ tcp_wrappers_7.6/hosts_access.c 2008-08-29 09:45:12.000000000 +0200
|
||||||
|
@@ -127,7 +127,7 @@ struct request_info *request;
|
||||||
|
verdict = setjmp(tcpd_buf);
|
||||||
|
if (verdict != 0)
|
||||||
|
return (verdict == AC_PERMIT);
|
||||||
|
- if (table_match(hosts_allow_table, request))
|
||||||
|
+ if (table_match(hosts_allow_table, request) == YES)
|
||||||
|
return (YES);
|
||||||
|
if (table_match(hosts_deny_table, request) == NO)
|
||||||
|
return (YES);
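Review bot: The comparison with `YES` only makes sense because `table_match()` has a third result, `ERR`, assigned in the second hunk when the table cannot be opened, and nothing at this call site says so. A comment such as `/* table_match() is tri-state: YES, NO or ERR; an unreadable table must never count as a match */` above the two calls would keep a later edit from reverting to a truthiness test. With an unreadable allow table the request still falls through to the deny-table test on the next line, so access is granted when no deny rule matches; if that is intended, the comment should say so.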
|
||||||
|
@@ -177,7 +177,7 @@ struct request_info *request;
|
||||||
|
tcpd_warn("cannot open %s: %m", table);
|
||||||
|
match = ERR;
|
||||||
|
}
|
||||||
|
- if (match) {
|
||||||
|
+ if (match == YES) {
|
||||||
|
if (hosts_access_verbose > 1)
|
||||||
|
syslog(LOG_DEBUG, "matched: %s line %d",
|
||||||
|
tcpd_context.file, tcpd_context.line);
|
@ -0,0 +1,27 @@
|
|||||||
|
--- tcp_wrappers_7.6-ipv6.4/socket.c.patch7 1999-10-27 15:23:14.000000000 +0200
|
||||||
|
+++ tcp_wrappers_7.6-ipv6.4/socket.c 2013-01-23 11:41:48.776857327 +0100
|
||||||
|
@@ -54,6 +54,8 @@ int af;
|
||||||
|
{
|
||||||
|
char dot_name[MAXHOSTNAMELEN + 1];
|
||||||
|
|
||||||
|
+ struct hostent *hp;
|
||||||
|
+
|
||||||
|
/*
|
||||||
|
* Don't append dots to unqualified names. Such names are likely to come
|
||||||
|
* from local hosts files or from NIS.
|
||||||
|
@@ -62,8 +64,13 @@ int af;
|
||||||
|
if (strchr(name, '.') == 0 || strlen(name) >= MAXHOSTNAMELEN - 1) {
|
||||||
|
return (tcpd_gethostbyname(name, af));
|
||||||
|
} else {
|
||||||
|
- sprintf(dot_name, "%s.", name);
|
||||||
|
- return (tcpd_gethostbyname(dot_name, af));
|
||||||
|
+ sprintf(dot_name, "%s.", name);
|
||||||
|
+ hp = tcpd_gethostbyname(dot_name, af);
|
||||||
|
+ if (hp)
|
||||||
|
+ return hp;
|
||||||
|
+
|
||||||
|
+ else
|
||||||
|
+ return tcpd_gethostbyname(name, af);
|
||||||
|
}
|
||||||
|
}
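Review bot: The new fallback retries the lookup with the undotted `name` when the dotted form fails, which re-enables the resolver behaviour the trailing dot was appended to suppress, namely search-list expansion of a name that already contains dots. If `name` can come from a reverse lookup of the client (the callers are outside the hunk), the second query may resolve under a local search domain and weaken a name-to-address cross-check. I would document the trade-off above the `else` branch, e.g. `/* fallback permits resolver search-list expansion */`, and consider logging when it is taken. The remaining `sprintf(dot_name, "%s.", name)` is bounded by the length test in the `if`, but `snprintf(dot_name, sizeof(dot_name), "%s.", name)` would match the rest of this patch series.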
|
||||||
|
|
@ -0,0 +1,79 @@
|
|||||||
|
diff -up tcp_wrappers_7.6/tcpdmatch.8.inetdconf tcp_wrappers_7.6/tcpdmatch.8
|
||||||
|
--- tcp_wrappers_7.6/tcpdmatch.8.inetdconf 2010-06-16 14:39:32.000000000 +0200
|
||||||
|
+++ tcp_wrappers_7.6/tcpdmatch.8 2010-06-16 14:42:25.000000000 +0200
|
||||||
|
@@ -2,9 +2,9 @@
|
||||||
|
.SH NAME
|
||||||
|
tcpdmatch \- tcp wrapper oracle
|
||||||
|
.SH SYNOPSYS
|
||||||
|
-tcpdmatch [-d] [-i inet_conf] daemon client
|
||||||
|
+tcpdmatch [-d] daemon client
|
||||||
|
.sp
|
||||||
|
-tcpdmatch [-d] [-i inet_conf] daemon[@server] [user@]client
|
||||||
|
+tcpdmatch [-d] daemon[@server] [user@]client
|
||||||
|
.SH DESCRIPTION
|
||||||
|
.PP
|
||||||
|
\fItcpdmatch\fR predicts how the tcp wrapper would handle a specific
|
||||||
|
@@ -48,10 +48,6 @@ The default user name is `unknown'.
|
||||||
|
.IP -d
|
||||||
|
Examine \fIhosts.allow\fR and \fIhosts.deny\fR files in the current
|
||||||
|
directory instead of the default ones.
|
||||||
|
-.IP "-i inet_conf"
|
||||||
|
-Specify this option when \fItcpdmatch\fR is unable to find your
|
||||||
|
-\fIinetd.conf\fR or \fItlid.conf\fR network configuration file, or when
|
||||||
|
-you suspect that the program uses the wrong one.
|
||||||
|
.SH EXAMPLES
|
||||||
|
To predict how \fItcpd\fR would handle a telnet request from the local
|
||||||
|
system:
|
||||||
|
@@ -82,11 +78,8 @@ The default locations of the \fItcpd\fR
|
||||||
|
.SH SEE ALSO
|
||||||
|
.na
|
||||||
|
.nf
|
||||||
|
-tcpdchk(8), tcpd configuration checker
|
||||||
|
hosts_access(5), format of the tcpd access control tables.
|
||||||
|
hosts_options(5), format of the language extensions.
|
||||||
|
-inetd.conf(5), format of the inetd control file.
|
||||||
|
-tlid.conf(5), format of the tlid control file.
|
||||||
|
.SH AUTHORS
|
||||||
|
.na
|
||||||
|
.nf
|
||||||
|
diff -up tcp_wrappers_7.6/tcpdmatch.c.inetdconf tcp_wrappers_7.6/tcpdmatch.c
|
||||||
|
--- tcp_wrappers_7.6/tcpdmatch.c.inetdconf 2010-06-16 14:37:09.000000000 +0200
|
||||||
|
+++ tcp_wrappers_7.6/tcpdmatch.c 2010-06-16 14:39:18.000000000 +0200
|
||||||
|
@@ -140,25 +140,6 @@ char **argv;
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
- * Analyze the inetd (or tlid) configuration file, so that we can warn
|
||||||
|
- * the user about services that may not be wrapped, services that are not
|
||||||
|
- * configured, or services that are wrapped in an incorrect manner. Allow
|
||||||
|
- * for services that are not run from inetd, or that have tcpd access
|
||||||
|
- * control built into them.
|
||||||
|
- */
|
||||||
|
- inetcf = inet_cfg(inetcf);
|
||||||
|
- inet_set("portmap", WR_NOT);
|
||||||
|
- inet_set("rpcbind", WR_NOT);
|
||||||
|
- switch (inet_get(daemon)) {
|
||||||
|
- case WR_UNKNOWN:
|
||||||
|
- tcpd_warn("%s: no such process name in %s", daemon, inetcf);
|
||||||
|
- break;
|
||||||
|
- case WR_NOT:
|
||||||
|
- tcpd_warn("%s: service possibly not wrapped", daemon);
|
||||||
|
- break;
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- /*
|
||||||
|
* Check accessibility of access control files.
|
||||||
|
*/
|
||||||
|
(void) check_path(hosts_allow_table, &st);
|
||||||
|
@@ -319,10 +300,9 @@ char **argv;
|
||||||
|
static void usage(myname)
|
||||||
|
char *myname;
|
||||||
|
{
|
||||||
|
- fprintf(stderr, "usage: %s [-d] [-i inet_conf] daemon[@host] [user@]host\n",
|
||||||
|
+ fprintf(stderr, "usage: %s [-d] daemon[@host] [user@]host\n",
|
||||||
|
myname);
|
||||||
|
fprintf(stderr, " -d: use allow/deny files in current directory\n");
|
||||||
|
- fprintf(stderr, " -i: location of inetd.conf file\n");
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
|
@ -0,0 +1,62 @@
|
|||||||
|
diff -up tcp_wrappers_7.6/options.c.initgroups tcp_wrappers_7.6/options.c
|
||||||
|
--- tcp_wrappers_7.6/options.c.initgroups 2011-08-11 23:10:43.610418714 +0200
|
||||||
|
+++ tcp_wrappers_7.6/options.c 2011-08-12 05:51:17.748481294 +0200
|
||||||
|
@@ -256,8 +256,12 @@ struct request_info *request;
|
||||||
|
tcpd_jump("unknown group: \"%s\"", value);
|
||||||
|
endgrent();
|
||||||
|
|
||||||
|
- if (dry_run == 0 && setgid(grp->gr_gid))
|
||||||
|
- tcpd_jump("setgid(%s): %m", value);
|
||||||
|
+ if (dry_run != 0) {
|
||||||
|
+ if (setgid(grp->gr_gid))
|
||||||
|
+ tcpd_jump("setgid(%s): %m", value);
|
||||||
|
+ if (setgroups(0, NULL))
|
||||||
|
+ tcpd_jump("setgroups(%s): %m", value);
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
|
||||||
|
/* user_option - switch user id */
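Review bot: The rewritten test in `group_option()` is inverted: the removed line switched identity when `dry_run == 0`, while the new block runs only when `dry_run != 0`. In normal operation neither `setgid()` nor `setgroups()` is called, so the process keeps its original group identity. The condition should read `if (dry_run == 0) {`. The `user_option()` hunk below carries the same inversion, and whatever sets `dry_run` (presumably the checking tools) now attempts the real identity switch instead.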
|
||||||
|
@@ -271,15 +275,26 @@ struct request_info *request;
|
||||||
|
struct passwd *pwd;
|
||||||
|
struct passwd *getpwnam();
|
||||||
|
char *group;
|
||||||
|
+ int defaultgroup = 0;
|
||||||
|
|
||||||
|
if ((group = split_at(value, '.')) != 0)
|
||||||
|
group_option(group, request);
|
||||||
|
+ else
|
||||||
|
+ defaultgroup = 1;
|
||||||
|
if ((pwd = getpwnam(value)) == 0)
|
||||||
|
tcpd_jump("unknown user: \"%s\"", value);
|
||||||
|
endpwent();
|
||||||
|
|
||||||
|
- if (dry_run == 0 && setuid(pwd->pw_uid))
|
||||||
|
- tcpd_jump("setuid(%s): %m", value);
|
||||||
|
+ if (dry_run != 0) {
|
||||||
|
+ if (setuid(pwd->pw_uid))
|
||||||
|
+ tcpd_jump("setuid(%s): %m", value);
|
||||||
|
+ if (defaultgroup) {
|
||||||
|
+ if (setgid(pwd->pw_gid))
|
||||||
|
+ tcpd_jump("setgid(%s): %m", value);
|
||||||
|
+ if (initgroups(value, pwd->pw_gid))
|
||||||
|
+ tcpd_jump("initgroups(%s): %m", value);
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
|
||||||
|
/* umask_option - set file creation mask */
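Review bot: The new guard `if (dry_run != 0) {` in both the group_option and the user_option hunk inverts the `dry_run == 0` test of the removed lines, so the id switch would run only in verification mode and be skipped in normal operation; it should read `if (dry_run == 0) {`. In the user_option hunk `setuid(pwd->pw_uid)` is also called before `setgid()` and `initgroups()`; once the uid is no longer root those two calls are expected to fail, so the group changes have to come first. Both function bodies start outside their hunks. The reordered user_option block is shown below.

```c
    if (dry_run == 0) {
        /* Change groups while still privileged; setuid() must come last. */
        if (defaultgroup) {
            if (setgid(pwd->pw_gid))
                tcpd_jump("setgid(%s): %m", value);
            if (initgroups(value, pwd->pw_gid))
                tcpd_jump("initgroups(%s): %m", value);
        }
        if (setuid(pwd->pw_uid))
            tcpd_jump("setuid(%s): %m", value);
    }
```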
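diff -up tcp_wrappers_7.6/safe_finger.c.initgroups tcp_wrappers_7.6/safe_finger.c
--- tcp_wrappers_7.6/safe_finger.c.initgroups 2011-08-12 05:54:06.068606291 +0200
+++ tcp_wrappers_7.6/safe_finger.c 2011-08-12 05:55:34.835483785 +0200
@@ -66,9 +66,11 @@ char **argv;
 if (getuid() == 0 || geteuid() == 0) {
 if ((pwd = getpwnam(UNPRIV_NAME)) && pwd->pw_uid > 0) {
 setgid(pwd->pw_gid);
+ initgroups(UNPRIV_NAME, pwd->pw_gid);
 setuid(pwd->pw_uid);
 } else {
 setgid(UNPRIV_UGID);
+ setgroups(0, NULL);
 setuid(UNPRIV_UGID);
 }
 }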
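Review bot: The added `initgroups(UNPRIV_NAME, pwd->pw_gid);` and `setgroups(0, NULL);` calls discard their return values, like the `setgid()`/`setuid()` calls around them, so a failed drop leaves the process with root's supplementary groups (or root itself) while it goes on to run the finger client. Each call should be checked and the program should stop on failure, e.g. `if (initgroups(UNPRIV_NAME, pwd->pw_gid) != 0) { perror("initgroups"); exit(1); }`. No `#include <grp.h>` is visible in this hunk, so the declarations of both functions may be missing as well. The enclosing function starts and ends outside the hunk.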
@ -0,0 +1,42 @@
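diff -up tcp_wrappers_7.6-ipv6.4/Makefile.cflags tcp_wrappers_7.6-ipv6.4/Makefile
--- tcp_wrappers_7.6-ipv6.4/Makefile.cflags 2018-03-08 09:59:29.854718081 +0100
+++ tcp_wrappers_7.6-ipv6.4/Makefile 2018-03-08 09:59:49.282840150 +0100
@@ -741,31 +741,31 @@ $(LIB): $(LIB_OBJ)
 
 $(SHLIB): $(LIB_OBJ)
 gcc -shared -fPIC -Wl,-soname -Wl,$(SHLIB).$(MAJOR) \
- -o $(SHLIB).$(MAJOR).$(MINOR).$(REL) $^ $(LIBS)
+ -o $(SHLIB).$(MAJOR).$(MINOR).$(REL) $^ $(LDFLAGS) $(LIBS)
 ln -s $(SHLIB).$(MAJOR).$(MINOR).$(REL) $(SHLIB).$(MAJOR)
 ln -s $(SHLIB).$(MAJOR).$(MINOR).$(REL) $(SHLIB)
 
 tcpd: tcpd.o $(LIB)
- $(CC) $(CFLAGS) -o $@ tcpd.o $(LIB) $(LIBS)
+ $(CC) $(CFLAGS) -o $@ tcpd.o $(LDFLAGS) $(LIB) $(LIBS)
 
 miscd: miscd.o $(LIB)
- $(CC) $(CFLAGS) -o $@ miscd.o $(LIB) $(LIBS)
+ $(CC) $(CFLAGS) -o $@ miscd.o $(LDFLAGS) $(LIB) $(LIBS)
 
 safe_finger: safe_finger.o $(LIB)
- $(CC) $(CFLAGS) -o $@ safe_finger.o $(LIB) $(LIBS)
+ $(CC) $(CFLAGS) -o $@ safe_finger.o $(LDFLAGS) $(LIB) $(LIBS)
 
 TCPDMATCH_OBJ = tcpdmatch.o fakelog.o inetcf.o scaffold.o
 
 tcpdmatch: $(TCPDMATCH_OBJ) $(LIB)
- $(CC) $(CFLAGS) -o $@ $(TCPDMATCH_OBJ) $(LIB) $(LIBS)
+ $(CC) $(CFLAGS) -o $@ $(TCPDMATCH_OBJ) $(LDFLAGS) $(LIB) $(LIBS)
 
 try-from: try-from.o fakelog.o $(LIB)
- $(CC) $(CFLAGS) -o $@ try-from.o fakelog.o $(LIB) $(LIBS)
+ $(CC) $(CFLAGS) -o $@ try-from.o fakelog.o $(LDFLAGS) $(LIB) $(LIBS)
 
 TCPDCHK_OBJ = tcpdchk.o fakelog.o inetcf.o scaffold.o
 
 tcpdchk: $(TCPDCHK_OBJ) $(LIB)
- $(CC) $(CFLAGS) -o $@ $(TCPDCHK_OBJ) $(LIB) $(LIBS)
+ $(CC) $(CFLAGS) -o $@ $(TCPDCHK_OBJ) $(LDFLAGS) $(LIB) $(LIBS)
 
 shar: $(KIT)
 @shar $(KIT)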
@ -0,0 +1,71 @@
diff -up tcp_wrappers_7.6/Makefile.man tcp_wrappers_7.6/Makefile
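diff -up tcp_wrappers_7.6/safe_finger.8.man tcp_wrappers_7.6/safe_finger.8
--- tcp_wrappers_7.6/safe_finger.8.man 2010-02-05 09:19:38.000000000 +0100
+++ tcp_wrappers_7.6/safe_finger.8 2010-02-05 09:11:12.000000000 +0100
@@ -0,0 +1,34 @@
+.TH SAFE_FINGER 8 "21th June 1997" Linux "Linux Programmer's Manual"
+.SH NAME
+safe_finger \- finger client wrapper that protects against nasty stuff
+from finger servers
+.SH SYNOPSIS
+.B safe_finger [finger_options]
+.SH DESCRIPTION
+The
+.B safe_finger
+command protects against nasty stuff from finger servers. Use this
+program for automatic reverse finger probes from the
+.B tcp_wrapper
+.B (tcpd)
+, not the raw finger command. The
+.B safe_finger
+command makes sure that the finger client is not run with root
+privileges. It also runs the finger client with a defined PATH
+environment.
+.B safe_finger
+will also protect you from problems caused by the output of some
+finger servers. The problem: some programs may react to stuff in
+the first column. Other programs may get upset by thrash anywhere
+on a line. File systems may fill up as the finger server keeps
+sending data. Text editors may bomb out on extremely long lines.
+The finger server may take forever because it is somehow wedged.
+.B safe_finger
+takes care of all this badness.
+.SH SEE ALSO
+.BR hosts_access (5),
+.BR hosts_options (5),
+.BR tcpd (8)
+.SH AUTHOR
+Wietse Venema, Eindhoven University of Technology, The Netherlands.
+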
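diff -up tcp_wrappers_7.6/try-from.8.man tcp_wrappers_7.6/try-from.8
--- tcp_wrappers_7.6/try-from.8.man 2010-02-05 09:20:00.000000000 +0100
+++ tcp_wrappers_7.6/try-from.8 2010-02-05 09:12:54.000000000 +0100
@@ -0,0 +1,28 @@
+.TH TRY-FROM 8 "21th June 1997" Linux "Linux Programmer's Manual"
+.SH NAME
+try-from \- test program for the tcp_wrapper
+.SH SYNOPSIS
+.B try-from
+.SH DESCRIPTION
+The
+.B try\-from
+command can be called via a remote shell command to find out
+if the hostname and address are properly recognized
+by the
+.B tcp_wrapper
+library, if username lookup works, and (SysV only) if the TLI
+on top of IP heuristics work. Diagnostics are reported through
+.BR syslog (3)
+and redirected to stderr.
+
+Example:
+
+rsh host /some/where/try\-from
+
+.SH SEE ALSO
+.BR hosts_access (5),
+.BR hosts_options (5),
+.BR tcpd (8)
+.SH AUTHOR
+Wietse Venema, Eindhoven University of Technology, The Netherlands.
+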
@ -0,0 +1,267 @@
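diff -up tcp_wrappers_7.6/Makefile.patch11 tcp_wrappers_7.6/Makefile
--- tcp_wrappers_7.6/Makefile.patch11 2008-08-29 09:45:12.000000000 +0200
+++ tcp_wrappers_7.6/Makefile 2008-08-29 09:45:12.000000000 +0200
@@ -150,8 +150,8 @@ netbsd:
 
 linux:
 @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
- LIBS="-lnsl" RANLIB=ranlib ARFLAGS=rv AUX_OBJ= \
- NETGROUP="-DNETGROUP" TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DUSE_STRERROR -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER -Dss_family=__ss_family -Dss_len=__ss_len" all
+ LIBS="-lnsl" RANLIB=ranlib ARFLAGS=rv AUX_OBJ=weak_symbols.o \
+ NETGROUP="-DNETGROUP" TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -fPIC -DPIC -D_REENTRANT -DUSE_STRERROR -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER -Dss_family=__ss_family -Dss_len=__ss_len -DHAVE_WEAKSYMS" all
 
 linux-old:
 @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
@@ -249,7 +249,7 @@ tandem:
 
 # Amdahl UTS 2.1.5 (Richard.Richmond@bridge.bst.bls.com)
 uts215:
- @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
+ @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
 LIBS="-lsocket" RANLIB=echo \
 ARFLAGS=rv AUX_OBJ=setenv.o NETGROUP=-DNO_NETGROUP TLI= all
 
@@ -706,8 +706,9 @@ KIT = README miscd.c tcpd.c fromhost.c h
 scaffold.h tcpdmatch.8 README.NIS
 
 LIB = libwrap.a
+SHLIB = libwrap.so
 
-all other: config-check tcpd tcpdmatch try-from safe_finger tcpdchk
+all other: config-check tcpd tcpdmatch try-from safe_finger tcpdchk $(SHLIB)
 
 # Invalidate all object files when the compiler options (CFLAGS) have changed.
 
@@ -724,6 +725,12 @@ $(LIB): $(LIB_OBJ)
 $(AR) $(ARFLAGS) $(LIB) $(LIB_OBJ)
 -$(RANLIB) $(LIB)
 
+$(SHLIB): $(LIB_OBJ)
+ gcc -shared -fPIC -Wl,-soname -Wl,$(SHLIB).$(MAJOR) \
+ -o $(SHLIB).$(MAJOR).$(MINOR).$(REL) $^ $(LIBS)
+ ln -s $(SHLIB).$(MAJOR).$(MINOR).$(REL) $(SHLIB).$(MAJOR)
+ ln -s $(SHLIB).$(MAJOR).$(MINOR).$(REL) $(SHLIB)
+
 tcpd: tcpd.o $(LIB)
 $(CC) $(CFLAGS) -o $@ tcpd.o $(LIB) $(LIBS)
 
@@ -906,5 +913,6 @@ update.o: cflags
 update.o: mystdarg.h
 update.o: tcpd.h
 vfprintf.o: cflags
+weak_symbols.o: tcpd.h
 workarounds.o: cflags
 workarounds.o: tcpd.h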
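diff -up tcp_wrappers_7.6/tcpd.h.patch11 tcp_wrappers_7.6/tcpd.h
--- tcp_wrappers_7.6/tcpd.h.patch11 2008-08-29 09:45:12.000000000 +0200
+++ tcp_wrappers_7.6/tcpd.h 2008-08-29 09:45:12.000000000 +0200
@@ -4,6 +4,25 @@
 * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
 */
 
+#ifndef _TCPWRAPPERS_TCPD_H
+#define _TCPWRAPPERS_TCPD_H
+
+/* someone else may have defined this */
+#undef __P
+
+/* use prototypes if we have an ANSI C compiler or are using C++ */
+#if defined(__STDC__) || defined(__cplusplus)
+#define __P(args) args
+#else
+#define __P(args) ()
+#endif
+
+/* Need definitions of struct sockaddr_in and FILE. */
+#include <netinet/in.h>
+#include <stdio.h>
+
+__BEGIN_DECLS
+
 /* Structure to describe one communications endpoint. */
 
 #define STRING_LENGTH 128 /* hosts, users, processes */
@@ -92,10 +111,10 @@ struct request_info {
 char pid[10]; /* access via eval_pid(request) */
 struct host_info client[1]; /* client endpoint info */
 struct host_info server[1]; /* server endpoint info */
- void (*sink) (); /* datagram sink function or 0 */
- void (*hostname) (); /* address to printable hostname */
- void (*hostaddr) (); /* address to printable address */
- void (*cleanup) (); /* cleanup function or 0 */
+ void (*sink) __P((int)); /* datagram sink function or 0 */
+ void (*hostname) __P((struct host_info *)); /* address to printable hostname */
+ void (*hostaddr) __P((struct host_info *)); /* address to printable address */
+ void (*cleanup) __P((struct request_info *)); /* cleanup function or 0 */
 struct netconfig *config; /* netdir handle */
 };
 
@@ -132,33 +151,38 @@ extern char paranoid[];
 /* Global functions. */
 
 #if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT)
-extern void fromhost(); /* get/validate client host info */
+extern void fromhost __P((struct request_info *)); /* get/validate client host info */
 #else
 #define fromhost sock_host /* no TLI support needed */
 #endif
 
-extern int hosts_access(); /* access control */
-extern void shell_cmd(); /* execute shell command */
-extern char *percent_x(); /* do %<char> expansion */
-extern void rfc931(); /* client name from RFC 931 daemon */
-extern void clean_exit(); /* clean up and exit */
-extern void refuse(); /* clean up and exit */
-extern char *xgets(); /* fgets() on steroids */
-extern char *split_at(); /* strchr() and split */
-extern unsigned long dot_quad_addr(); /* restricted inet_addr() */
-extern int numeric_addr(); /* IP4/IP6 inet_addr (restricted) */
-extern struct hostent *tcpd_gethostbyname();
+extern void shell_cmd __P((char *)); /* execute shell command */
+extern char *percent_x __P((char *, int, char *, struct request_info *)); /* do %<char> expansion */
+extern void rfc931 __P((struct sockaddr_gen *, struct sockaddr_gen *, char *)); /* client name from RFC 931 daemon */
+extern void clean_exit __P((struct request_info *)); /* clean up and exit */
+extern void refuse __P((struct request_info *)); /* clean up and exit */
+extern char *xgets __P((char *, int, FILE *)); /* fgets() on steroids */
+extern char *split_at __P((char *, int)); /* strchr() and split */
+extern unsigned long dot_quad_addr __P((char *)); /* restricted inet_addr() */
+extern int numeric_addr __P((char *, union gen_addr *, int *, int *)); /* IP4/IP6 inet_addr (restricted) */
+extern struct hostent *tcpd_gethostbyname __P((char *, int));
 /* IP4/IP6 gethostbyname */
 #ifdef HAVE_IPV6
-extern char *skip_ipv6_addrs(); /* skip over colons in IPv6 addrs */
+extern char *skip_ipv6_addrs __P((char *)); /* skip over colons in IPv6 addrs */
 #else
 #define skip_ipv6_addrs(x) x
 #endif
 
 /* Global variables. */
 
+#ifdef HAVE_WEAKSYMS
+extern int allow_severity __attribute__ ((weak)); /* for connection logging */
+extern int deny_severity __attribute__ ((weak)); /* for connection logging */
+#else
 extern int allow_severity; /* for connection logging */
 extern int deny_severity; /* for connection logging */
+#endif
+
 extern char *hosts_allow_table; /* for verification mode redirection */
 extern char *hosts_deny_table; /* for verification mode redirection */
 extern int hosts_access_verbose; /* for verbose matching mode */
@@ -171,9 +195,14 @@ extern int resident; /* > 0 if residen
 */
 
 #ifdef __STDC__
+extern int hosts_access(struct request_info *request);
+extern int hosts_ctl(char *daemon, char *client_name, char *client_addr,
+ char *client_user);
 extern struct request_info *request_init(struct request_info *,...);
 extern struct request_info *request_set(struct request_info *,...);
 #else
+extern int hosts_access();
+extern int hosts_ctl();
 extern struct request_info *request_init(); /* initialize request */
 extern struct request_info *request_set(); /* update request structure */
 #endif
@@ -196,27 +225,31 @@ extern struct request_info *request_set(
 * host_info structures serve as caches for the lookup results.
 */
 
-extern char *eval_user(); /* client user */
-extern char *eval_hostname(); /* printable hostname */
-extern char *eval_hostaddr(); /* printable host address */
-extern char *eval_hostinfo(); /* host name or address */
-extern char *eval_client(); /* whatever is available */
-extern char *eval_server(); /* whatever is available */
+extern char *eval_user __P((struct request_info *)); /* client user */
+extern char *eval_hostname __P((struct host_info *)); /* printable hostname */
+extern char *eval_hostaddr __P((struct host_info *)); /* printable host address */
+extern char *eval_hostinfo __P((struct host_info *)); /* host name or address */
+extern char *eval_client __P((struct request_info *)); /* whatever is available */
+extern char *eval_server __P((struct request_info *)); /* whatever is available */
 #define eval_daemon(r) ((r)->daemon) /* daemon process name */
 #define eval_pid(r) ((r)->pid) /* process id */
 
 /* Socket-specific methods, including DNS hostname lookups. */
 
-extern void sock_host(); /* look up endpoint addresses */
-extern void sock_hostname(); /* translate address to hostname */
-extern void sock_hostaddr(); /* address to printable address */
+/* look up endpoint addresses */
+extern void sock_host __P((struct request_info *));
+/* translate address to hostname */
+extern void sock_hostname __P((struct host_info *));
+/* address to printable address */
+extern void sock_hostaddr __P((struct host_info *));
+
 #define sock_methods(r) \
 { (r)->hostname = sock_hostname; (r)->hostaddr = sock_hostaddr; }
 
 /* The System V Transport-Level Interface (TLI) interface. */
 
 #if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT)
-extern void tli_host(); /* look up endpoint addresses etc. */
+extern void tli_host __P((struct request_info *)); /* look up endpoint addresses etc. */
 #endif
 
 /*
@@ -257,7 +290,7 @@ extern struct tcpd_context tcpd_context;
 * behavior.
 */
 
-extern void process_options(); /* execute options */
+extern void process_options __P((char *, struct request_info *)); /* execute options */
 extern int dry_run; /* verification flag */
 
 /* Bug workarounds. */
@@ -296,3 +329,7 @@ extern char *fix_strtok();
 #define strtok my_strtok
 extern char *my_strtok();
 #endif
+
+__END_DECLS
+
+#endif /* tcpd.h */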
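diff -up /dev/null tcp_wrappers_7.6/weak_symbols.c
--- /dev/null 2008-08-29 10:35:15.589003986 +0200
+++ tcp_wrappers_7.6/weak_symbols.c 2008-08-29 09:45:12.000000000 +0200
@@ -0,0 +1,11 @@
+ /*
+ * @(#) weak_symbols.h 1.5 99/12/29 23:50
+ *
+ * Author: Anthony Towns <ajt@debian.org>
+ */
+
+#ifdef HAVE_WEAKSYMS
+#include <syslog.h>
+int deny_severity = LOG_WARNING;
+int allow_severity = SEVERITY;
+#endif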
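diff -up tcp_wrappers_7.6/scaffold.c.patch11 tcp_wrappers_7.6/scaffold.c
--- tcp_wrappers_7.6/scaffold.c.patch11 2013-01-28 11:08:48.598273563 +0100
+++ tcp_wrappers_7.6/scaffold.c 2013-01-28 11:08:56.069316992 +0100
@@ -25,7 +25,7 @@ static char sccs_id[] = "@(#) scaffold.c
 #define INADDR_NONE (-1) /* XXX should be 0xffffffff */
 #endif
 
-extern char *malloc();
+extern void *malloc(size_t);
 
 /* Application-specific. */
 
@@ -180,10 +180,12 @@ struct request_info *request;
 
 /* ARGSUSED */
 
-void rfc931(request)
-struct request_info *request;
+void rfc931(rmt_sin, our_sin, dest)
+struct sockaddr_gen *rmt_sin;
+struct sockaddr_gen *our_sin;
+char *dest;
 {
- strcpy(request->user, unknown);
+ strcpy(dest, unknown);
 }
 
 /* check_path - examine accessibility */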
@ -0,0 +1,40 @@
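diff -up tcp_wrappers_7.6/hosts_access.c.patch12 tcp_wrappers_7.6/hosts_access.c
--- tcp_wrappers_7.6/hosts_access.c.patch12 2008-08-29 09:45:12.000000000 +0200
+++ tcp_wrappers_7.6/hosts_access.c 2008-08-29 09:45:12.000000000 +0200
@@ -66,6 +66,7 @@ static char sep[] = ", \t\r\n";
 
 #define YES 1
 #define NO 0
+#define ERR -1
 
 /*
 * These variables are globally visible so that they can be redirected in
@@ -106,7 +107,6 @@ int hosts_access(request)
 struct request_info *request;
 {
 int verdict;
-
 /*
 * If the (daemon, client) pair is matched by an entry in the file
 * /etc/hosts.allow, access is granted. Otherwise, if the (daemon,
@@ -129,9 +129,9 @@ struct request_info *request;
 return (verdict == AC_PERMIT);
 if (table_match(hosts_allow_table, request))
 return (YES);
- if (table_match(hosts_deny_table, request))
- return (NO);
- return (YES);
+ if (table_match(hosts_deny_table, request) == NO)
+ return (YES);
+ return (NO);
 }
 
 /* table_match - match table entries with (daemon, client) pair */
@@ -175,6 +175,7 @@ struct request_info *request;
 (void) fclose(fp);
 } else if (errno != ENOENT) {
 tcpd_warn("cannot open %s: %m", table);
+ match = ERR;
 }
 if (match) {
 if (hosts_access_verbose > 1)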
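Review bot: `ERR` is -1 and therefore true, so the unchanged allow-table test `if (table_match(hosts_allow_table, request)) return (YES);` in the third hunk would grant access when hosts.allow exists but cannot be opened, assuming table_match returns `match` as set in the last hunk. Only the deny-table path was changed to fail closed; the allow path should keep the result in a local and refuse on `ERR`, for example `m = table_match(hosts_allow_table, request);` followed by `if (m != NO) return (m == YES);`. With `match = ERR` the `if (match) {` branch right below it is also entered as if a rule had matched; what that branch does continues outside the hunk. The macro is safer written as `#define ERR (-1)`.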
@ -0,0 +1,88 @@
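diff -up tcp_wrappers_7.6/shell_cmd.c.patch20 tcp_wrappers_7.6/shell_cmd.c
--- tcp_wrappers_7.6/shell_cmd.c.patch20 1994-12-28 17:42:44.000000000 +0100
+++ tcp_wrappers_7.6/shell_cmd.c 2008-08-29 09:45:12.000000000 +0200
@@ -20,6 +20,11 @@ static char sccsid[] = "@(#) shell_cmd.c
 #include <stdio.h>
 #include <syslog.h>
 #include <string.h>
+#include <errno.h>
+#include <unistd.h>
+#include <sys/wait.h>
+#include <sys/stat.h>
+#include <fcntl.h>
 
 extern void exit();
 
@@ -31,13 +36,42 @@ extern void exit();
 
 static void do_child();
 
+/*
+ * The sigchld handler. If there is a SIGCHLD caused by a child other than
+ * ours, we set a flag and raise the signal later.
+ */
+volatile static int foreign_sigchld;
+volatile static int our_child_pid;
+static void sigchld(int sig, siginfo_t *si, void *unused)
+{
+ if (si && si->si_pid != our_child_pid)
+ foreign_sigchld = 1;
+}
+
 /* shell_cmd - execute shell command */
 
 void shell_cmd(command)
 char *command;
 {
 int child_pid;
- int wait_pid;
+
+ struct sigaction new_action, old_action;
+ sigset_t new_mask, old_mask, empty_mask;
+
+ new_action.sa_sigaction = &sigchld;
+ new_action.sa_flags = SA_SIGINFO;
+ sigemptyset(&new_action.sa_mask);
+ sigemptyset(&new_mask);
+ sigemptyset(&empty_mask);
+ sigaddset(&new_mask, SIGCHLD);
+
+ /*
+ * Set the variables for handler, set the handler and block the signal
+ * until we have the pid.
+ */
+ foreign_sigchld = 0; our_child_pid = 0;
+ sigprocmask(SIG_BLOCK, &new_mask, &old_mask);
+ sigaction(SIGCHLD, &new_action, &old_action);
 
 /*
 * Most of the work is done within the child process, to minimize the
@@ -49,12 +83,26 @@ char *command;
 tcpd_warn("cannot fork: %m");
 break;
 case 00: /* child */
+ /* Clear the blocked mask for the child not to be surprised. */
+ sigprocmask(SIG_SETMASK, &empty_mask, 0);
 do_child(command);
 /* NOTREACHED */
 default: /* parent */
- while ((wait_pid = wait((int *) 0)) != -1 && wait_pid != child_pid)
- /* void */ ;
+ our_child_pid = child_pid;
+ sigprocmask(SIG_UNBLOCK, &new_mask, 0);
+ while (waitpid(child_pid, (int *) 0, 0) == -1 && errno == EINTR);
 }
+
+ /*
+ * Revert the signal mask and the SIGCHLD handler.
+ */
+ sigprocmask(SIG_SETMASK, &old_mask, 0);
+ sigaction(SIGCHLD, &old_action, 0);
+
+ /* If there was a foreign SIGCHLD, raise it after we have restored the old
+ * mask and handler. */
+ if (foreign_sigchld)
+ raise(SIGCHLD);
 }
 
 /* do_child - exec command with { stdin, stdout, stderr } to /dev/null */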
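Review bot: The flag written by the handler is declared `volatile static int foreign_sigchld;`, while an object shared with a signal handler should be `static volatile sig_atomic_t foreign_sigchld;`. In the child branch `sigprocmask(SIG_SETMASK, &empty_mask, 0);` unblocks every signal instead of restoring what the caller had; `sigprocmask(SIG_SETMASK, &old_mask, 0);` would hand the spawned command the original mask. The return values of `sigprocmask()` and `sigaction()` are not checked, and the first hunk adds no `#include <signal.h>`, so that header is presumably pulled in elsewhere.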
@ -0,0 +1,30 @@
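diff -up tcp_wrappers_7.6/rfc931.c.patch19 tcp_wrappers_7.6/rfc931.c
--- tcp_wrappers_7.6/rfc931.c.patch19 2008-08-29 09:45:12.000000000 +0200
+++ tcp_wrappers_7.6/rfc931.c 2008-08-29 09:45:12.000000000 +0200
@@ -33,7 +33,7 @@ static char sccsid[] = "@(#) rfc931.c 1.
 
 int rfc931_timeout = RFC931_TIMEOUT;/* Global so it can be changed */
 
-static jmp_buf timebuf;
+static sigjmp_buf timebuf;
 
 /* fsocket - open stdio stream on top of socket */
 
@@ -62,7 +62,7 @@ int protocol;
 static void timeout(sig)
 int sig;
 {
- longjmp(timebuf, sig);
+ siglongjmp(timebuf, sig);
 }
 
 /* rfc931 - return remote user name, given socket structures */
@@ -135,7 +135,7 @@ char *dest;
 * Set up a timer so we won't get stuck while waiting for the server.
 */
 
- if (setjmp(timebuf) == 0) {
+ if (sigsetjmp(timebuf, 1) == 0) {
 /* Save SIGALRM timer and handler. Sudheer Abdul-Salam, SUN. */
 saved_timeout = alarm(0);
 nact.sa_handler = timeout;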
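Review bot: The `1` passed in `sigsetjmp(timebuf, 1)` carries the whole point of the change but is not explained. A comment above the call, such as `/* savemask=1: siglongjmp() from the SIGALRM handler restores the signal mask */`, would keep a later cleanup from turning it back into plain setjmp. The rfc931 body continues outside the hunk.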
@ -0,0 +1,21 @@
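diff -up tcp_wrappers_7.6-ipv6.4/hosts_access.c.ucharpatch tcp_wrappers_7.6-ipv6.4/hosts_access.c
--- tcp_wrappers_7.6-ipv6.4/hosts_access.c.ucharpatch 2013-01-28 10:19:20.424857730 +0100
+++ tcp_wrappers_7.6-ipv6.4/hosts_access.c 2013-01-28 10:19:44.719991745 +0100
@@ -514,7 +514,7 @@ static void ipv6_mask(in6p, maskbits)
 struct in6_addr *in6p;
 int maskbits;
 {
- uchar_t *p = (uchar_t*) in6p;
+ unsigned char *p = (unsigned char*) in6p;
 
 if (maskbits < 0 || maskbits >= IPV6_ABITS)
 return;
@@ -525,7 +525,7 @@ int maskbits;
 if (maskbits != 0)
 *p++ &= 0xff << (8 - maskbits);
 
- while (p < (((uchar_t*) in6p)) + sizeof(*in6p))
+ while (p < (((unsigned char*) in6p)) + sizeof(*in6p))
 *p++ = 0;
 }
 #endif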
@ -0,0 +1,568 @@
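diff -up tcp_wrappers_7.6-ipv6.4/clean_exit.c.warnings tcp_wrappers_7.6-ipv6.4/clean_exit.c
--- tcp_wrappers_7.6-ipv6.4/clean_exit.c.warnings 1994-12-28 17:42:20.000000000 +0100
+++ tcp_wrappers_7.6-ipv6.4/clean_exit.c 2013-08-15 18:51:57.533244197 +0200
@@ -13,6 +13,7 @@ static char sccsid[] = "@(#) clean_exit.
 #endif
 
 #include <stdio.h>
+#include <unistd.h>
 
 extern void exit();
 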
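diff -up tcp_wrappers_7.6-ipv6.4/fakelog.c.warnings tcp_wrappers_7.6-ipv6.4/fakelog.c
--- tcp_wrappers_7.6-ipv6.4/fakelog.c.warnings 1994-12-28 17:42:22.000000000 +0100
+++ tcp_wrappers_7.6-ipv6.4/fakelog.c 2013-08-15 18:51:57.533244197 +0200
@@ -17,6 +17,7 @@ static char sccsid[] = "@(#) fakelog.c 1
 
 /* ARGSUSED */
 
+void
 openlog(name, logopt, facility)
 char *name;
 int logopt;
@@ -27,6 +28,7 @@ int facility;
 
 /* vsyslog - format one record */
 
+void
 vsyslog(severity, fmt, ap)
 int severity;
 char *fmt;
@@ -43,6 +45,7 @@ va_list ap;
 
 /* VARARGS */
 
+void
 VARARGS(syslog, int, severity)
 {
 va_list ap;
@@ -56,6 +59,7 @@ VARARGS(syslog, int, severity)
 
 /* closelog - dummy */
 
+void
 closelog()
 {
 /* void */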
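diff -up tcp_wrappers_7.6-ipv6.4/fix_options.c.warnings tcp_wrappers_7.6-ipv6.4/fix_options.c
--- tcp_wrappers_7.6-ipv6.4/fix_options.c.warnings 2013-08-15 18:51:57.446243821 +0200
+++ tcp_wrappers_7.6-ipv6.4/fix_options.c 2013-08-15 18:51:57.534244202 +0200
@@ -32,13 +32,15 @@ static char sccsid[] = "@(#) fix_options
 
 /* fix_options - get rid of IP-level socket options */
 
+void
 fix_options(request)
 struct request_info *request;
 {
 #ifdef IP_OPTIONS
 unsigned char optbuf[BUFFER_SIZE / 3], *cp;
 char lbuf[BUFFER_SIZE], *lp;
- int optsize = sizeof(optbuf), ipproto;
+ unsigned int optsize = sizeof(optbuf);
+ int ipproto;
 struct protoent *ip;
 int fd = request->fd;
 unsigned int opt;
@@ -46,7 +48,7 @@ struct request_info *request;
 struct in_addr dummy;
 #ifdef HAVE_IPV6
 struct sockaddr_storage ss;
- int sslen;
+ unsigned int sslen;
 
 /*
 * check if this is AF_INET socket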
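Review bot: `optsize` and `sslen` are changed to `unsigned int`, but the length arguments of the socket calls they are presumably passed to (the calls are outside these hunks) are of type `socklen_t`. Declaring them as `socklen_t optsize = sizeof(optbuf);` and `socklen_t sslen;` states the intent and stays correct on platforms where socklen_t is not unsigned int.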
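diff -up tcp_wrappers_7.6-ipv6.4/hosts_access.c.warnings tcp_wrappers_7.6-ipv6.4/hosts_access.c
--- tcp_wrappers_7.6-ipv6.4/hosts_access.c.warnings 2013-08-15 18:51:57.529244180 +0200
+++ tcp_wrappers_7.6-ipv6.4/hosts_access.c 2013-08-15 18:51:57.535244206 +0200
@@ -33,6 +33,9 @@ static char sccsid[] = "@(#) hosts_acces
 #include <errno.h>
 #include <setjmp.h>
 #include <string.h>
+#include <stdlib.h>
+#include <rpcsvc/ypclnt.h>
+#include <netdb.h>
 
 extern char *fgets();
 extern int errno;
@@ -49,6 +52,8 @@ extern int errno;
 
 extern jmp_buf tcpd_buf;
 
+int match_pattern_ylo(const char *, const char *);
+
 /* Delimiters for lists of daemons or clients. */
 
 static char sep[] = ", \t\r\n";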
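diff -up tcp_wrappers_7.6-ipv6.4/inetcf.c.warnings tcp_wrappers_7.6-ipv6.4/inetcf.c
--- tcp_wrappers_7.6-ipv6.4/inetcf.c.warnings 2013-08-15 18:51:57.474243942 +0200
+++ tcp_wrappers_7.6-ipv6.4/inetcf.c 2013-08-15 18:51:57.535244206 +0200
@@ -42,6 +42,8 @@ char *inet_files[] = {
 static void inet_chk();
 static char *base_name();
 
+int check_path(char *, struct stat *);
+
 /*
 * Structure with everything we know about a service.
 */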
diff -up tcp_wrappers_7.6-ipv6.4/options.c.warnings tcp_wrappers_7.6-ipv6.4/options.c
|
||||||
|
--- tcp_wrappers_7.6-ipv6.4/options.c.warnings 2013-08-15 18:51:57.520244141 +0200
|
||||||
|
+++ tcp_wrappers_7.6-ipv6.4/options.c 2013-08-15 18:51:57.536244211 +0200
|
||||||
|
@@ -41,12 +41,14 @@ static char sccsid[] = "@(#) options.c 1
|
||||||
|
#include <netinet/in.h>
|
||||||
|
#include <netdb.h>
|
||||||
|
#include <stdio.h>
|
||||||
|
+#include <stdlib.h>
|
||||||
|
#include <syslog.h>
|
||||||
|
#include <pwd.h>
|
||||||
|
#include <grp.h>
|
||||||
|
#include <ctype.h>
|
||||||
|
#include <setjmp.h>
|
||||||
|
#include <string.h>
|
||||||
|
+#include <unistd.h>
|
||||||
|
|
||||||
|
#ifndef MAXPATHNAMELEN
|
||||||
|
#define MAXPATHNAMELEN BUFSIZ
|
||||||
|
@@ -108,21 +110,21 @@ struct option {
|
||||||
|
/* List of known keywords. Add yours here. */
|
||||||
|
|
||||||
|
static struct option option_table[] = {
|
||||||
|
- "user", user_option, NEED_ARG,
|
||||||
|
- "group", group_option, NEED_ARG,
|
||||||
|
- "umask", umask_option, NEED_ARG,
|
||||||
|
- "linger", linger_option, NEED_ARG,
|
||||||
|
- "keepalive", keepalive_option, 0,
|
||||||
|
- "spawn", spawn_option, NEED_ARG | EXPAND_ARG,
|
||||||
|
- "twist", twist_option, NEED_ARG | EXPAND_ARG | USE_LAST,
|
||||||
|
- "rfc931", rfc931_option, OPT_ARG,
|
||||||
|
- "setenv", setenv_option, NEED_ARG | EXPAND_ARG,
|
||||||
|
- "nice", nice_option, OPT_ARG,
|
||||||
|
- "severity", severity_option, NEED_ARG,
|
||||||
|
- "allow", allow_option, USE_LAST,
|
||||||
|
- "deny", deny_option, USE_LAST,
|
||||||
|
- "banners", banners_option, NEED_ARG,
|
||||||
|
- 0,
|
||||||
|
+ { "user", user_option, NEED_ARG },
|
||||||
|
+ { "group", group_option, NEED_ARG },
|
||||||
|
+ { "umask", umask_option, NEED_ARG },
|
||||||
|
+ { "linger", linger_option, NEED_ARG },
|
||||||
|
+ { "keepalive", keepalive_option, 0 },
|
||||||
|
+ { "spawn", spawn_option, NEED_ARG | EXPAND_ARG },
|
||||||
|
+ { "twist", twist_option, NEED_ARG | EXPAND_ARG | USE_LAST },
|
||||||
|
+ { "rfc931", rfc931_option, OPT_ARG },
|
||||||
|
+ { "setenv", setenv_option, NEED_ARG | EXPAND_ARG },
|
||||||
|
+ { "nice", nice_option, OPT_ARG },
|
||||||
|
+ { "severity", severity_option, NEED_ARG },
|
||||||
|
+ { "allow", allow_option, USE_LAST },
|
||||||
|
+ { "deny", deny_option, USE_LAST },
|
||||||
|
+ { "banners", banners_option, NEED_ARG },
|
||||||
|
+ { NULL, NULL, 0 }
|
||||||
|
};
|
||||||
|
|
||||||
|
/* process_options - process access control options */
|
||||||
|
@@ -227,13 +229,13 @@ struct request_info *request;
|
||||||
|
sprintf(path, "%s/%s", value, eval_daemon(request));
|
||||||
|
if ((fp = fopen(path, "r")) != 0) {
|
||||||
|
while ((ch = fgetc(fp)) == 0)
|
||||||
|
- write(request->fd, "", 1);
|
||||||
|
+ if (write(request->fd, "", 1));
|
||||||
|
ungetc(ch, fp);
|
||||||
|
while (fgets(ibuf, sizeof(ibuf) - 1, fp)) {
|
||||||
|
if (split_at(ibuf, '\n'))
|
||||||
|
strcat(ibuf, "\r\n");
|
||||||
|
percent_x(obuf, sizeof(obuf), ibuf, request);
|
||||||
|
- write(request->fd, obuf, strlen(obuf));
|
||||||
|
+ if(write(request->fd, obuf, strlen(obuf)));
|
||||||
|
}
|
||||||
|
fclose(fp);
|
||||||
|
} else if (stat(value, &st) < 0) {
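Review bot: Wrapping the call as `if(write(request->fd, obuf, strlen(obuf)));` only silences the unused-result warning; the result is still discarded, and the empty `if` body is easy to misread as a missing statement (the one-byte write above it uses the same form). A failed write to the client leaves the loop formatting and sending the rest of the banner to a descriptor that may no longer be usable. Something like `if (write(request->fd, obuf, strlen(obuf)) < 0) break;` states the intent and still reaches `fclose(fp)`. The context line `sprintf(path, "%s/%s", value, eval_daemon(request));` is unbounded; `path` is declared outside the hunk, so if it is a fixed-size array a `snprintf(path, sizeof(path), ...)` with a truncation check is worth adding. The enclosing function starts and ends outside the hunk.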
|
||||||
|
@@ -462,85 +464,85 @@ struct syslog_names {
|
||||||
|
|
||||||
|
static struct syslog_names log_fac[] = {
|
||||||
|
#ifdef LOG_KERN
|
||||||
|
- "kern", LOG_KERN,
|
||||||
|
+ { "kern", LOG_KERN },
|
||||||
|
#endif
|
||||||
|
#ifdef LOG_USER
|
||||||
|
- "user", LOG_USER,
|
||||||
|
+ { "user", LOG_USER },
|
||||||
|
#endif
|
||||||
|
#ifdef LOG_MAIL
|
||||||
|
- "mail", LOG_MAIL,
|
||||||
|
+ { "mail", LOG_MAIL },
|
||||||
|
#endif
|
||||||
|
#ifdef LOG_DAEMON
|
||||||
|
- "daemon", LOG_DAEMON,
|
||||||
|
+ { "daemon", LOG_DAEMON },
|
||||||
|
#endif
|
||||||
|
#ifdef LOG_AUTH
|
||||||
|
- "auth", LOG_AUTH,
|
||||||
|
+ { "auth", LOG_AUTH },
|
||||||
|
#endif
|
||||||
|
#ifdef LOG_LPR
|
||||||
|
- "lpr", LOG_LPR,
|
||||||
|
+ { "lpr", LOG_LPR },
|
||||||
|
#endif
|
||||||
|
#ifdef LOG_NEWS
|
||||||
|
- "news", LOG_NEWS,
|
||||||
|
+ { "news", LOG_NEWS },
|
||||||
|
#endif
|
||||||
|
#ifdef LOG_UUCP
|
||||||
|
- "uucp", LOG_UUCP,
|
||||||
|
+ { "uucp", LOG_UUCP },
|
||||||
|
#endif
|
||||||
|
#ifdef LOG_CRON
|
||||||
|
- "cron", LOG_CRON,
|
||||||
|
+ { "cron", LOG_CRON },
|
||||||
|
#endif
|
||||||
|
#ifdef LOG_LOCAL0
|
||||||
|
- "local0", LOG_LOCAL0,
|
||||||
|
+ { "local0", LOG_LOCAL0 },
|
||||||
|
#endif
|
||||||
|
#ifdef LOG_LOCAL1
|
||||||
|
- "local1", LOG_LOCAL1,
|
||||||
|
+ { "local1", LOG_LOCAL1 },
|
||||||
|
#endif
|
||||||
|
#ifdef LOG_LOCAL2
|
||||||
|
- "local2", LOG_LOCAL2,
|
||||||
|
+ { "local2", LOG_LOCAL2 },
|
||||||
|
#endif
|
||||||
|
#ifdef LOG_LOCAL3
|
||||||
|
- "local3", LOG_LOCAL3,
|
||||||
|
+ { "local3", LOG_LOCAL3 },
|
||||||
|
#endif
|
||||||
|
#ifdef LOG_LOCAL4
|
||||||
|
- "local4", LOG_LOCAL4,
|
||||||
|
+ { "local4", LOG_LOCAL4 },
|
||||||
|
#endif
|
||||||
|
#ifdef LOG_LOCAL5
|
||||||
|
- "local5", LOG_LOCAL5,
|
||||||
|
+ { "local5", LOG_LOCAL5 },
|
||||||
|
#endif
|
||||||
|
#ifdef LOG_LOCAL6
|
||||||
|
- "local6", LOG_LOCAL6,
|
||||||
|
+ { "local6", LOG_LOCAL6 },
|
||||||
|
#endif
|
||||||
|
#ifdef LOG_LOCAL7
|
||||||
|
- "local7", LOG_LOCAL7,
|
||||||
|
+ { "local7", LOG_LOCAL7 },
|
||||||
|
#endif
|
||||||
|
- 0,
|
||||||
|
+ { NULL, 0 }
|
||||||
|
};
|
||||||
|
|
||||||
|
static struct syslog_names log_sev[] = {
|
||||||
|
#ifdef LOG_EMERG
|
||||||
|
- "emerg", LOG_EMERG,
|
||||||
|
+ { "emerg", LOG_EMERG },
|
||||||
|
#endif
|
||||||
|
#ifdef LOG_ALERT
|
||||||
|
- "alert", LOG_ALERT,
|
||||||
|
+ { "alert", LOG_ALERT },
|
||||||
|
#endif
|
||||||
|
#ifdef LOG_CRIT
|
||||||
|
- "crit", LOG_CRIT,
|
||||||
|
+ { "crit", LOG_CRIT },
|
||||||
|
#endif
|
||||||
|
#ifdef LOG_ERR
|
||||||
|
- "err", LOG_ERR,
|
||||||
|
+ { "err", LOG_ERR },
|
||||||
|
#endif
|
||||||
|
#ifdef LOG_WARNING
|
||||||
|
- "warning", LOG_WARNING,
|
||||||
|
+ { "warning", LOG_WARNING },
|
||||||
|
#endif
|
||||||
|
#ifdef LOG_NOTICE
|
||||||
|
- "notice", LOG_NOTICE,
|
||||||
|
+ { "notice", LOG_NOTICE },
|
||||||
|
#endif
|
||||||
|
#ifdef LOG_INFO
|
||||||
|
- "info", LOG_INFO,
|
||||||
|
+ { "info", LOG_INFO },
|
||||||
|
#endif
|
||||||
|
#ifdef LOG_DEBUG
|
||||||
|
- "debug", LOG_DEBUG,
|
||||||
|
+ { "debug", LOG_DEBUG },
|
||||||
|
#endif
|
||||||
|
- 0,
|
||||||
|
+ { NULL, 0 }
|
||||||
|
};
|
||||||
|
|
||||||
|
/* severity_map - lookup facility or severity value */
|
||||||
|
@@ -601,7 +603,7 @@ char *string;
|
||||||
|
if (src[0] == 0)
|
||||||
|
return (0);
|
||||||
|
|
||||||
|
- while (ch = *src) {
|
||||||
|
+ while ((ch = *src)) {
|
||||||
|
if (ch == ':') {
|
||||||
|
if (*++src == 0)
|
||||||
|
tcpd_warn("rule ends in \":\"");
|
||||||
|
diff -up tcp_wrappers_7.6-ipv6.4/percent_m.c.warnings tcp_wrappers_7.6-ipv6.4/percent_m.c
|
||||||
|
--- tcp_wrappers_7.6-ipv6.4/percent_m.c.warnings 2003-04-16 16:12:24.000000000 +0200
|
||||||
|
+++ tcp_wrappers_7.6-ipv6.4/percent_m.c 2013-08-15 18:51:57.536244211 +0200
|
||||||
|
@@ -29,7 +29,7 @@ char *ibuf;
|
||||||
|
char *bp = obuf;
|
||||||
|
char *cp = ibuf;
|
||||||
|
|
||||||
|
- while (*bp = *cp)
|
||||||
|
+ while ((*bp = *cp))
|
||||||
|
if (*cp == '%' && cp[1] == 'm') {
|
||||||
|
#ifdef USE_STRERROR
|
||||||
|
strcpy(bp, strerror(errno));
|
||||||
|
diff -up tcp_wrappers_7.6-ipv6.4/percent_x.c.warnings tcp_wrappers_7.6-ipv6.4/percent_x.c
|
||||||
|
--- tcp_wrappers_7.6-ipv6.4/percent_x.c.warnings 1994-12-28 17:42:38.000000000 +0100
|
||||||
|
+++ tcp_wrappers_7.6-ipv6.4/percent_x.c 2013-08-15 18:51:57.537244215 +0200
|
||||||
|
@@ -19,6 +19,7 @@ static char sccsid[] = "@(#) percent_x.c
|
||||||
|
#include <stdio.h>
|
||||||
|
#include <syslog.h>
|
||||||
|
#include <string.h>
|
||||||
|
+#include <unistd.h>
|
||||||
|
|
||||||
|
extern void exit();
|
||||||
|
|
||||||
|
diff -up tcp_wrappers_7.6-ipv6.4/rfc931.c.warnings tcp_wrappers_7.6-ipv6.4/rfc931.c
|
||||||
|
--- tcp_wrappers_7.6-ipv6.4/rfc931.c.warnings 2013-08-15 18:51:57.484243985 +0200
|
||||||
|
+++ tcp_wrappers_7.6-ipv6.4/rfc931.c 2013-08-15 18:51:57.537244215 +0200
|
||||||
|
@@ -23,6 +23,7 @@ static char sccsid[] = "@(#) rfc931.c 1.
|
||||||
|
#include <setjmp.h>
|
||||||
|
#include <signal.h>
|
||||||
|
#include <string.h>
|
||||||
|
+#include <unistd.h>
|
||||||
|
|
||||||
|
/* Local stuff. */
|
||||||
|
|
||||||
|
@@ -81,7 +82,7 @@ char *dest;
|
||||||
|
char *cp;
|
||||||
|
char *result = unknown;
|
||||||
|
FILE *fp;
|
||||||
|
- unsigned saved_timeout;
|
||||||
|
+ unsigned saved_timeout = 0;
|
||||||
|
struct sigaction nact, oact;
|
||||||
|
|
||||||
|
/*
|
||||||
|
@@ -165,7 +166,7 @@ char *dest;
|
||||||
|
* protocol, not part of the data.
|
||||||
|
*/
|
||||||
|
|
||||||
|
- if (cp = strchr(user, '\r'))
|
||||||
|
+ if ((cp = strchr(user, '\r')))
|
||||||
|
*cp = 0;
|
||||||
|
result = user;
|
||||||
|
}
|
||||||
|
diff -up tcp_wrappers_7.6-ipv6.4/safe_finger.c.warnings tcp_wrappers_7.6-ipv6.4/safe_finger.c
|
||||||
|
--- tcp_wrappers_7.6-ipv6.4/safe_finger.c.warnings 2013-08-15 18:51:57.521244146 +0200
|
||||||
|
+++ tcp_wrappers_7.6-ipv6.4/safe_finger.c 2013-08-15 18:51:57.538244219 +0200
|
||||||
|
@@ -24,8 +24,13 @@ static char sccsid[] = "@(#) safe_finger
|
||||||
|
#include <sys/stat.h>
|
||||||
|
#include <signal.h>
|
||||||
|
#include <stdio.h>
|
||||||
|
+#include <stdlib.h>
|
||||||
|
+#include <unistd.h>
|
||||||
|
+#include <fcntl.h>
|
||||||
|
+#include <sys/wait.h>
|
||||||
|
#include <ctype.h>
|
||||||
|
#include <pwd.h>
|
||||||
|
+#include <grp.h>
|
||||||
|
|
||||||
|
extern void exit();
|
||||||
|
|
||||||
|
@@ -40,6 +45,8 @@ char path[] = "PATH=/bin:/usr/bin:/us
|
||||||
|
#define UNPRIV_NAME "nobody" /* Preferred privilege level */
|
||||||
|
#define UNPRIV_UGID 32767 /* Default uid and gid */
|
||||||
|
|
||||||
|
+int pipe_stdin(char **);
|
||||||
|
+
|
||||||
|
int finger_pid;
|
||||||
|
|
||||||
|
void cleanup(sig)
|
||||||
|
@@ -49,6 +56,7 @@ int sig;
|
||||||
|
exit(0);
|
||||||
|
}
|
||||||
|
|
||||||
|
+int
|
||||||
|
main(argc, argv)
|
||||||
|
int argc;
|
||||||
|
char **argv;
|
||||||
|
@@ -65,13 +73,17 @@ char **argv;
|
||||||
|
*/
|
||||||
|
if (getuid() == 0 || geteuid() == 0) {
|
||||||
|
if ((pwd = getpwnam(UNPRIV_NAME)) && pwd->pw_uid > 0) {
|
||||||
|
- setgid(pwd->pw_gid);
|
||||||
|
+ if (setgid(pwd->pw_gid) != 0)
|
||||||
|
+ return 1;
|
||||||
|
initgroups(UNPRIV_NAME, pwd->pw_gid);
|
||||||
|
- setuid(pwd->pw_uid);
|
||||||
|
+ if (setuid(pwd->pw_uid))
|
||||||
|
+ return 1;
|
||||||
|
} else {
|
||||||
|
- setgid(UNPRIV_UGID);
|
||||||
|
+ if (setgid(UNPRIV_UGID))
|
||||||
|
+ return 1;
|
||||||
|
setgroups(0, NULL);
|
||||||
|
- setuid(UNPRIV_UGID);
|
||||||
|
+ if (setuid(UNPRIV_UGID))
|
||||||
|
+ return 1;
|
||||||
|
}
|
||||||
|
}
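Review bot: The supplementary-group calls in this hunk are still unchecked: `initgroups(UNPRIV_NAME, pwd->pw_gid);` and `setgroups(0, NULL);` keep their old form while the neighbouring `setgid`/`setuid` calls now return 1 on failure. If either group call fails, the following `setuid` can still succeed and the program would continue with the caller's supplementary groups, which for a root caller defeats part of the privilege drop. I would treat them the same way, `if (initgroups(UNPRIV_NAME, pwd->pw_gid) != 0) return 1;` and `if (setgroups(0, NULL) != 0) return 1;`. A short message to stderr before each `return 1` would keep the failure from being silent. main's body continues outside the hunk.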
|
||||||
|
|
||||||
|
diff -up tcp_wrappers_7.6-ipv6.4/scaffold.c.warnings tcp_wrappers_7.6-ipv6.4/scaffold.c
|
||||||
|
--- tcp_wrappers_7.6-ipv6.4/scaffold.c.warnings 2013-08-15 18:51:57.457243868 +0200
|
||||||
|
+++ tcp_wrappers_7.6-ipv6.4/scaffold.c 2013-08-15 18:51:57.538244219 +0200
|
||||||
|
@@ -20,6 +20,8 @@ static char sccs_id[] = "@(#) scaffold.c
|
||||||
|
#include <syslog.h>
|
||||||
|
#include <setjmp.h>
|
||||||
|
#include <string.h>
|
||||||
|
+#include <unistd.h>
|
||||||
|
+#include <stdlib.h>
|
||||||
|
|
||||||
|
#ifndef INADDR_NONE
|
||||||
|
#define INADDR_NONE (-1) /* XXX should be 0xffffffff */
|
||||||
|
diff -up tcp_wrappers_7.6-ipv6.4/socket.c.warnings tcp_wrappers_7.6-ipv6.4/socket.c
|
||||||
|
--- tcp_wrappers_7.6-ipv6.4/socket.c.warnings 2013-08-15 18:51:57.479243964 +0200
|
||||||
|
+++ tcp_wrappers_7.6-ipv6.4/socket.c 2013-08-15 18:52:32.346394921 +0200
|
||||||
|
@@ -21,6 +21,7 @@ static char sccsid[] = "@(#) socket.c 1.
|
||||||
|
|
||||||
|
/* System libraries. */
|
||||||
|
|
||||||
|
+#include <arpa/inet.h>
|
||||||
|
#include <sys/types.h>
|
||||||
|
#include <sys/param.h>
|
||||||
|
#include <sys/socket.h>
|
||||||
|
@@ -84,7 +85,7 @@ struct request_info *request;
|
||||||
|
{
|
||||||
|
static struct sockaddr_gen client;
|
||||||
|
static struct sockaddr_gen server;
|
||||||
|
- int len;
|
||||||
|
+ unsigned len;
|
||||||
|
char buf[BUFSIZ];
|
||||||
|
int fd = request->fd;
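Review bot: `unsigned len;` removes the signedness warning, but the type the socket API defines for address lengths is `socklen_t`, so `socklen_t len;` is the portable declaration and does not rely on `socklen_t` being `unsigned int`. This assumes `len` is passed by address to a socket call such as getpeername or recvfrom, which happens outside the hunk. The same applies to `unsigned size = sizeof(sin);` in the `@@ -293,7 +294,7 @@` hunk of this file. `<sys/socket.h>` already appears in the include list shown in the first socket.c hunk, so no new include is needed.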
|
||||||
|
|
||||||
|
@@ -168,7 +169,7 @@ struct request_info *request;
|
||||||
|
sock_methods(request);
|
||||||
|
|
||||||
|
memcpy(&client, res->ai_addr, res->ai_addrlen);
|
||||||
|
- request->client->sin = (struct sockaddr *)&client;
|
||||||
|
+ request->client->sin = (struct sockaddr_gen *)&client;
|
||||||
|
freeaddrinfo(res);
|
||||||
|
|
||||||
|
request->client->name[0] = 0;
|
||||||
|
@@ -293,7 +294,7 @@ int fd;
|
||||||
|
{
|
||||||
|
char buf[BUFSIZ];
|
||||||
|
struct sockaddr_in sin;
|
||||||
|
- int size = sizeof(sin);
|
||||||
|
+ unsigned size = sizeof(sin);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Eat up the not-yet received datagram. Some systems insist on a
|
||||||
|
diff -up tcp_wrappers_7.6-ipv6.4/tcpdchk.c.warnings tcp_wrappers_7.6-ipv6.4/tcpdchk.c
|
||||||
|
--- tcp_wrappers_7.6-ipv6.4/tcpdchk.c.warnings 2013-08-15 18:51:57.529244180 +0200
|
||||||
|
+++ tcp_wrappers_7.6-ipv6.4/tcpdchk.c 2013-08-15 18:51:57.540244228 +0200
|
||||||
|
@@ -30,6 +30,8 @@ static char sccsid[] = "@(#) tcpdchk.c 1
|
||||||
|
#include <errno.h>
|
||||||
|
#include <netdb.h>
|
||||||
|
#include <string.h>
|
||||||
|
+#include <unistd.h>
|
||||||
|
+#include <stdlib.h>
|
||||||
|
|
||||||
|
extern int errno;
|
||||||
|
extern void exit();
|
||||||
|
@@ -199,13 +201,15 @@ struct request_info *request;
|
||||||
|
char sv_list[BUFLEN]; /* becomes list of daemons */
|
||||||
|
char *cl_list; /* becomes list of requests */
|
||||||
|
char *sh_cmd; /* becomes optional shell command */
|
||||||
|
+#ifndef PROCESS_OPTIONS
|
||||||
|
char buf[BUFSIZ];
|
||||||
|
+#endif
|
||||||
|
int verdict;
|
||||||
|
struct tcpd_context saved_context;
|
||||||
|
|
||||||
|
saved_context = tcpd_context; /* stupid compilers */
|
||||||
|
|
||||||
|
- if (fp = fopen(table, "r")) {
|
||||||
|
+ if ((fp = fopen(table, "r"))) {
|
||||||
|
tcpd_context.file = table;
|
||||||
|
tcpd_context.line = 0;
|
||||||
|
while (xgets(sv_list, sizeof(sv_list), fp)) {
|
||||||
|
@@ -331,7 +335,7 @@ char *list;
|
||||||
|
clients = 0;
|
||||||
|
} else {
|
||||||
|
clients++;
|
||||||
|
- if (host = split_at(cp + 1, '@')) { /* user@host */
|
||||||
|
+ if ((host = split_at(cp + 1, '@'))) { /* user@host */
|
||||||
|
check_user(cp);
|
||||||
|
check_host(host);
|
||||||
|
} else {
|
||||||
|
@@ -449,7 +453,7 @@ char *pat;
|
||||||
|
if (err)
|
||||||
|
tcpd_warn("bad IP6 address specification: %s", pat);
|
||||||
|
#endif
|
||||||
|
- } else if (mask = split_at(pat, '/')) { /* network/netmask */
|
||||||
|
+ } else if ((mask = split_at(pat, '/'))) { /* network/netmask */
|
||||||
|
if (dot_quad_addr(pat) == INADDR_NONE
|
||||||
|
|| dot_quad_addr(mask) == INADDR_NONE)
|
||||||
|
tcpd_warn("%s/%s: bad net/mask pattern", pat, mask);
|
||||||
|
diff -up tcp_wrappers_7.6-ipv6.4/tcpd.c.warnings tcp_wrappers_7.6-ipv6.4/tcpd.c
|
||||||
|
--- tcp_wrappers_7.6-ipv6.4/tcpd.c.warnings 2013-08-15 18:51:57.450243838 +0200
|
||||||
|
+++ tcp_wrappers_7.6-ipv6.4/tcpd.c 2013-08-15 18:51:57.540244228 +0200
|
||||||
|
@@ -24,6 +24,7 @@ static char sccsid[] = "@(#) tcpd.c 1.10
|
||||||
|
#include <stdio.h>
|
||||||
|
#include <syslog.h>
|
||||||
|
#include <string.h>
|
||||||
|
+#include <unistd.h>
|
||||||
|
|
||||||
|
#ifndef MAXPATHNAMELEN
|
||||||
|
#define MAXPATHNAMELEN BUFSIZ
|
||||||
|
@@ -38,9 +39,12 @@ static char sccsid[] = "@(#) tcpd.c 1.10
|
||||||
|
#include "patchlevel.h"
|
||||||
|
#include "tcpd.h"
|
||||||
|
|
||||||
|
+void fix_options(struct request_info *);
|
||||||
|
+
|
||||||
|
int allow_severity = SEVERITY; /* run-time adjustable */
|
||||||
|
int deny_severity = LOG_WARNING; /* ditto */
|
||||||
|
|
||||||
|
+int
|
||||||
|
main(argc, argv)
|
||||||
|
int argc;
|
||||||
|
char **argv;
|
||||||
|
diff -up tcp_wrappers_7.6-ipv6.4/tcpdmatch.c.warnings tcp_wrappers_7.6-ipv6.4/tcpdmatch.c
|
||||||
|
--- tcp_wrappers_7.6-ipv6.4/tcpdmatch.c.warnings 2013-08-15 18:51:57.503244068 +0200
|
||||||
|
+++ tcp_wrappers_7.6-ipv6.4/tcpdmatch.c 2013-08-15 18:51:57.541244232 +0200
|
||||||
|
@@ -26,9 +26,11 @@ static char sccsid[] = "@(#) tcpdmatch.c
|
||||||
|
#include <arpa/inet.h>
|
||||||
|
#include <netdb.h>
|
||||||
|
#include <stdio.h>
|
||||||
|
+#include <stdlib.h>
|
||||||
|
#include <syslog.h>
|
||||||
|
#include <setjmp.h>
|
||||||
|
#include <string.h>
|
||||||
|
+#include <unistd.h>
|
||||||
|
|
||||||
|
extern void exit();
|
||||||
|
extern int optind;
|
||||||
|
diff -up tcp_wrappers_7.6-ipv6.4/try-from.c.warnings tcp_wrappers_7.6-ipv6.4/try-from.c
|
||||||
|
--- tcp_wrappers_7.6-ipv6.4/try-from.c.warnings 1994-12-28 17:42:55.000000000 +0100
|
||||||
|
+++ tcp_wrappers_7.6-ipv6.4/try-from.c 2013-08-15 18:51:57.541244232 +0200
|
||||||
|
@@ -37,6 +37,7 @@ static char sccsid[] = "@(#) try-from.c
|
||||||
|
int allow_severity = SEVERITY; /* run-time adjustable */
|
||||||
|
int deny_severity = LOG_WARNING; /* ditto */
|
||||||
|
|
||||||
|
+int
|
||||||
|
main(argc, argv)
|
||||||
|
int argc;
|
||||||
|
char **argv;
|
||||||
|
diff -up tcp_wrappers_7.6-ipv6.4/update.c.warnings tcp_wrappers_7.6-ipv6.4/update.c
|
||||||
|
--- tcp_wrappers_7.6-ipv6.4/update.c.warnings 1999-10-27 10:44:39.000000000 +0200
|
||||||
|
+++ tcp_wrappers_7.6-ipv6.4/update.c 2013-08-15 18:51:57.541244232 +0200
|
||||||
|
@@ -22,6 +22,7 @@ static char sccsid[] = "@(#) update.c 1.
|
||||||
|
#include <stdio.h>
|
||||||
|
#include <syslog.h>
|
||||||
|
#include <string.h>
|
||||||
|
+#include <unistd.h>
|
||||||
|
|
||||||
|
/* Local stuff. */
|
||||||
|
|
@ -0,0 +1,49 @@
|
|||||||
|
commit 3ae65dc9a1c78c3088a08091f5d948fbbb8929af
|
||||||
|
Author: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
Date: Tue Feb 23 17:28:15 2016 +0100
|
||||||
|
|
||||||
|
tcp_wrappers-7.6-xgets.patch
|
||||||
|
|
||||||
|
diff --git a/misc.c b/misc.c
|
||||||
|
index b248a5d..204546c 100644
|
||||||
|
--- a/misc.c
|
||||||
|
+++ b/misc.c
|
||||||
|
@@ -35,20 +35,32 @@ FILE *fp;
|
||||||
|
{
|
||||||
|
int got;
|
||||||
|
char *start = ptr;
|
||||||
|
+ int c, last;
|
||||||
|
|
||||||
|
- while (fgets(ptr, len, fp)) {
|
||||||
|
+ while (len && fgets(ptr, len, fp)) {
|
||||||
|
got = strlen(ptr);
|
||||||
|
if (got >= 1 && ptr[got - 1] == '\n') {
|
||||||
|
tcpd_context.line++;
|
||||||
|
if (got >= 2 && ptr[got - 2] == '\\') {
|
||||||
|
- got -= 2;
|
||||||
|
+ got -= 2;
|
||||||
|
} else {
|
||||||
|
- return (start);
|
||||||
|
+ return (start);
|
||||||
|
}
|
||||||
|
+ ptr += got;
|
||||||
|
+ len -= got;
|
||||||
|
+ ptr[0] = 0;
|
||||||
|
+ } else {
|
||||||
|
+ /* over buffer len */
|
||||||
|
+ last = (got >= 1) ? ptr[got - 1] : '\0';
|
||||||
|
+ while ((c = fgetc(fp)) != EOF) {
|
||||||
|
+ if (c == '\n') {
|
||||||
|
+ tcpd_context.line++;
|
||||||
|
+ if (last != '\\')
|
||||||
|
+ return (start);
|
||||||
|
+ }
|
||||||
|
+ last = c;
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
- ptr += got;
|
||||||
|
- len -= got;
|
||||||
|
- ptr[0] = 0;
|
||||||
|
}
|
||||||
|
return (ptr > start ? start : 0);
|
||||||
|
}
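Review bot: A final line with no trailing newline appears to be dropped by the new `else` branch: `fgets` returns it without `'\n'`, the `fgetc` loop reaches EOF at once, and because `ptr` is no longer advanced on this path the closing `return (ptr > start ? start : 0);` yields 0 when no continuation line preceded it. Before the change `ptr += got` ran in that case and the line was returned, so an access rule on an unterminated last line would now be ignored without any message. Adding `return (start);` directly after the `fgetc` loop keeps the old result. The over-length path also hands back the truncated text as if it were the complete rule; a `tcpd_warn("line too long, remainder ignored");` there would let an administrator see that a rule was cut. The function's signature is outside the hunk.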
|
@ -0,0 +1,473 @@
|
|||||||
|
Summary: A security tool which acts as a wrapper for TCP daemons
|
||||||
|
Name: tcp_wrappers
|
||||||
|
Version: 7.6
|
||||||
|
Release: 96%{?dist}
|
||||||
|
|
||||||
|
%global LIB_MAJOR 0
|
||||||
|
%global LIB_MINOR 7
|
||||||
|
%global LIB_REL 6
|
||||||
|
|
||||||
|
License: BSD
|
||||||
|
Source: ftp://ftp.porcupine.org/pub/security/%{name}_%{version}-ipv6.4.tar.gz
|
||||||
|
URL: ftp://ftp.porcupine.org/pub/security/index.html
|
||||||
|
Patch0: tcpw7.2-config.patch
|
||||||
|
Patch1: tcpw7.2-setenv.patch
|
||||||
|
Patch2: tcpw7.6-netgroup.patch
|
||||||
|
Patch3: tcp_wrappers-7.6-bug11881.patch
|
||||||
|
Patch4: tcp_wrappers-7.6-bug17795.patch
|
||||||
|
Patch5: tcp_wrappers-7.6-bug17847.patch
|
||||||
|
Patch6: tcp_wrappers-7.6-fixgethostbyname.patch
|
||||||
|
Patch7: tcp_wrappers-7.6-docu.patch
|
||||||
|
Patch8: tcp_wrappers-7.6-man.patch
|
||||||
|
Patch9: tcp_wrappers.usagi-ipv6.patch
|
||||||
|
Patch11: tcp_wrappers-7.6-shared.patch
|
||||||
|
Patch12: tcp_wrappers-7.6-sig.patch
|
||||||
|
Patch14: tcp_wrappers-7.6-ldflags.patch
|
||||||
|
Patch15: tcp_wrappers-7.6-fix_sig-bug141110.patch
|
||||||
|
Patch16: tcp_wrappers-7.6-162412.patch
|
||||||
|
Patch17: tcp_wrappers-7.6-220015.patch
|
||||||
|
Patch19: tcp_wrappers-7.6-siglongjmp.patch
|
||||||
|
Patch20: tcp_wrappers-7.6-sigchld.patch
|
||||||
|
Patch21: tcp_wrappers-7.6-196326.patch
|
||||||
|
Patch22: tcp_wrappers_7.6-249430.patch
|
||||||
|
Patch23: tcp_wrappers-7.6-inetdconf.patch
|
||||||
|
Patch24: tcp_wrappers-7.6-bug698464.patch
|
||||||
|
Patch26: tcp_wrappers-7.6-xgets.patch
|
||||||
|
Patch27: tcp_wrappers-7.6-initgroups.patch
|
||||||
|
Patch28: tcp_wrappers-7.6-warnings.patch
|
||||||
|
Patch29: tcp_wrappers-7.6-uchart_fix.patch
|
||||||
|
Patch30: tcp_wrappers-7.6-altformat.patch
|
||||||
|
# RFE: rhbz#1181815
|
||||||
|
Patch31: tcp_wrappers-7.6-aclexec.patch
|
||||||
|
# required by sin_scope_id in ipv6 patch
|
||||||
|
BuildRequires: glibc-devel >= 2.2
|
||||||
|
BuildRequires: libnsl2-devel
|
||||||
|
BuildRequires: gcc
|
||||||
|
Requires: tcp_wrappers-libs%{?_isa} = %{version}-%{release}
|
||||||
|
|
||||||
|
%description
|
||||||
|
The tcp_wrappers package provides small daemon programs which can
|
||||||
|
monitor and filter incoming requests for systat, finger, FTP, telnet,
|
||||||
|
rlogin, rsh, exec, tftp, talk and other network services.
|
||||||
|
|
||||||
|
Install the tcp_wrappers program if you need a security tool for
|
||||||
|
filtering incoming network services requests.
|
||||||
|
|
||||||
|
This version also supports IPv6.
|
||||||
|
|
||||||
|
%package libs
|
||||||
|
Summary: Libraries for tcp_wrappers
|
||||||
|
Obsoletes: tcp_wrappers-devel <= 0:7.6-91
|
||||||
|
|
||||||
|
%description libs
|
||||||
|
tcp_wrappers-libs contains the libraries of the tcp_wrappers package.
|
||||||
|
|
||||||
|
%prep
|
||||||
|
%setup -q -n %{name}_%{version}-ipv6.4
|
||||||
|
%patch0 -p1 -b .config
|
||||||
|
%patch1 -p1 -b .setenv
|
||||||
|
%patch2 -p1 -b .netgroup
|
||||||
|
%patch3 -p1 -b .bug11881
|
||||||
|
%patch4 -p1 -b .bug17795
|
||||||
|
%patch5 -p1 -b .bug17847
|
||||||
|
%patch6 -p1 -b .fixgethostbyname
|
||||||
|
%patch7 -p1 -b .docu
|
||||||
|
%patch8 -p1 -b .man
|
||||||
|
%patch9 -p1 -b .usagi-ipv6
|
||||||
|
%patch11 -p1 -b .shared
|
||||||
|
%patch12 -p1 -b .sig
|
||||||
|
%patch14 -p1 -b .ldflags
|
||||||
|
%patch15 -p1 -b .fix_sig
|
||||||
|
%patch16 -p1 -b .162412
|
||||||
|
%patch17 -p1 -b .220015
|
||||||
|
%patch19 -p1 -b .siglongjmp
|
||||||
|
%patch20 -p1 -b .sigchld
|
||||||
|
%patch21 -p1 -b .196326
|
||||||
|
%patch22 -p1 -b .249430
|
||||||
|
%patch23 -p1 -b .inetdconf
|
||||||
|
%patch24 -p1 -b .698464
|
||||||
|
%patch26 -p1 -b .xgets
|
||||||
|
%patch27 -p1 -b .initgroups
|
||||||
|
%patch29 -p1 -b .uchart_fix
|
||||||
|
%patch30 -p1 -b .altformat
|
||||||
|
%patch28 -p1 -b .warnings
|
||||||
|
%patch31 -p1 -b .aclexec
|
||||||
|
|
||||||
|
%build
|
||||||
|
make \
|
||||||
|
RPM_OPT_FLAGS="$RPM_OPT_FLAGS -fPIC -DPIC -D_REENTRANT -DHAVE_STRERROR -DACLEXEC" \
|
||||||
|
LDFLAGS="$RPM_LD_FLAGS" \
|
||||||
|
MAJOR=%{LIB_MAJOR} MINOR=%{LIB_MINOR} REL=%{LIB_REL} linux %{?_smp_mflags}
|
||||||
|
|
||||||
|
|
||||||
|
%install
|
||||||
|
rm -rf ${RPM_BUILD_ROOT}
|
||||||
|
mkdir -p ${RPM_BUILD_ROOT}%{_includedir}
|
||||||
|
mkdir -p ${RPM_BUILD_ROOT}/%{_libdir}
|
||||||
|
mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/man{3,5,8}
|
||||||
|
mkdir -p ${RPM_BUILD_ROOT}%{_sbindir}
|
||||||
|
|
||||||
|
install -p -m644 hosts_access.3 ${RPM_BUILD_ROOT}%{_mandir}/man3
|
||||||
|
install -p -m644 hosts_access.5 hosts_options.5 ${RPM_BUILD_ROOT}%{_mandir}/man5
|
||||||
|
install -p -m644 tcpd.8 tcpdchk.8 tcpdmatch.8 safe_finger.8 try-from.8 ${RPM_BUILD_ROOT}%{_mandir}/man8
|
||||||
|
ln -sf hosts_access.5 ${RPM_BUILD_ROOT}%{_mandir}/man5/hosts.allow.5
|
||||||
|
ln -sf hosts_access.5 ${RPM_BUILD_ROOT}%{_mandir}/man5/hosts.deny.5
|
||||||
|
#cp -a libwrap.a ${RPM_BUILD_ROOT}%{_libdirdir}
|
||||||
|
cp -a libwrap.so* ${RPM_BUILD_ROOT}/%{_libdir}
|
||||||
|
#install -p -m644 libwrap.so.0.7.6 ${RPM_BUILD_ROOT}/%{_libdir}
|
||||||
|
install -p -m644 tcpd.h ${RPM_BUILD_ROOT}%{_includedir}
|
||||||
|
install -m755 safe_finger ${RPM_BUILD_ROOT}%{_sbindir}
|
||||||
|
install -m755 tcpd ${RPM_BUILD_ROOT}%{_sbindir}
|
||||||
|
install -m755 try-from ${RPM_BUILD_ROOT}%{_sbindir}
|
||||||
|
install -m755 tcpdmatch ${RPM_BUILD_ROOT}%{_sbindir}
|
||||||
|
|
||||||
|
# XXX remove utilities that expect /etc/inetd.conf (#16059).
|
||||||
|
#install -m755 tcpdchk ${RPM_BUILD_ROOT}%{_sbindir}
|
||||||
|
rm -f ${RPM_BUILD_ROOT}%{_mandir}/man8/tcpdchk.*
|
||||||
|
|
||||||
|
# Remove the files from -devel subpackage
|
||||||
|
rm -f ${RPM_BUILD_ROOT}%{_includedir}/*
|
||||||
|
rm -f ${RPM_BUILD_ROOT}%{_libdir}/*.so
|
||||||
|
rm -f ${RPM_BUILD_ROOT}%{_mandir}/man3/*
|
||||||
|
|
||||||
|
%ldconfig_scriptlets libs
|
||||||
|
|
||||||
|
%files
|
||||||
|
%{!?_licensedir:%global license %%doc}
|
||||||
|
%license DISCLAIMER
|
||||||
|
%doc BLURB CHANGES README* Banners.Makefile
|
||||||
|
%{_sbindir}/*
|
||||||
|
%{_mandir}/man8/*
|
||||||
|
|
||||||
|
%files libs
|
||||||
|
%{!?_licensedir:%global license %%doc}
|
||||||
|
%license DISCLAIMER
|
||||||
|
%doc BLURB CHANGES README* Banners.Makefile
|
||||||
|
%{_libdir}/*.so.*
|
||||||
|
%{_mandir}/man5/*
|
||||||
|
|
||||||
|
|
||||||
|
%changelog
|
||||||
|
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 7.6-96
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||||
|
|
||||||
|
* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 7.6-95
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||||
|
|
||||||
|
* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 7.6-94
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||||
|
|
||||||
|
* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 7.6-93
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||||
|
|
||||||
|
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 7.6-92
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||||
|
|
||||||
|
* Tue Mar 27 2018 Jakub Jelen <jjelen@redhat.com> - 7.6-91
|
||||||
|
- Properly obsolete devel subpackage (#1560757)
|
||||||
|
|
||||||
|
* Thu Mar 08 2018 Jakub Jelen <jjelen@redhat.com> - 7.6-90
|
||||||
|
- Properly inject build flags (#1548669)
|
||||||
|
|
||||||
|
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 7.6-89
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
||||||
|
|
||||||
|
* Wed Jan 31 2018 Jakub Jelen <jjelen@redhat.com> - 7.6-88
|
||||||
|
- Remove the devel subpackage (#1495181)
|
||||||
|
- Adjust build process for recent changes (nsl separated from glibc-headers)
|
||||||
|
|
||||||
|
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 7.6-87
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
|
||||||
|
|
||||||
|
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 7.6-86
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
|
||||||
|
|
||||||
|
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 7.6-85
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
|
||||||
|
|
||||||
|
* Mon Nov 28 2016 Jakub Jelen <jjelen@redhat.com> - 7.6-84
|
||||||
|
- Fix packaging details (#226482)
|
||||||
|
|
||||||
|
* Tue Mar 01 2016 Jakub Jelen <jjelen@redhat.com> 7.6-83
|
||||||
|
- Fix behaviour for long lines in hosts_option files
|
||||||
|
|
||||||
|
* Fri Feb 05 2016 Fedora Release Engineering <releng@fedoraproject.org> - 7.6-82
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
|
||||||
|
|
||||||
|
* Fri Jun 19 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 7.6-81
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
|
||||||
|
|
||||||
|
* Mon Feb 23 2015 Jakub Jelen <jjelen@redhat.com> 7.6-80
|
||||||
|
- add ACLEXEC option (#1181815)
|
||||||
|
|
||||||
|
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 7.6-79
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
|
||||||
|
|
||||||
|
* Wed Aug 6 2014 Tom Callaway <spot@fedoraproject.org> - 7.6-78
|
||||||
|
- fix license handling
|
||||||
|
|
||||||
|
* Sun Jun 08 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 7.6-77
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
|
||||||
|
|
||||||
|
* Thu Aug 15 2013 Petr Lautrbach <plautrba@redhat.com> 7.6-76
|
||||||
|
- clean warnings and fix compiler inet_ntop issue (#977995)
|
||||||
|
|
||||||
|
* Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 7.6-75
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
|
||||||
|
|
||||||
|
* Tue Jul 09 2013 Petr Lautrbach <plautrba@redhat.com> 7.6-74
|
||||||
|
- fix the tcp_wrappers-7.6-altformat.patch (#979009,#981788)
|
||||||
|
|
||||||
|
* Fri Feb 8 2013 Viktor Hercinger <vhercing@redhat.com> - 7.6-73
|
||||||
|
- Add full relro support
|
||||||
|
|
||||||
|
* Fri Feb 8 2013 Viktor Hercinger <vhercing@redhat.com> - 7.6-72
|
||||||
|
- Put binaries and libraries under /usr instead of root
|
||||||
|
|
||||||
|
* Mon Jan 28 2013 Viktor Hercinger <vhercing@redhat.com> - 7.6-71
|
||||||
|
- Updated to version with upstream IPv6 support
|
||||||
|
|
||||||
|
* Sat Jul 21 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 7.6-70
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
|
||||||
|
|
||||||
|
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 7.6-69
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
|
||||||
|
|
||||||
|
* Tue Aug 16 2011 Jan F. Chadima <jchadima@redhat.com> - 7.6-68
|
||||||
|
- remove most of warnings
|
||||||
|
|
||||||
|
* Mon Aug 15 2011 Jan F. Chadima <jchadima@redhat.com> - 7.6-67
|
||||||
|
- clean (set up correctly) additional groups
|
||||||
|
|
||||||
|
* Mon Aug 15 2011 Jan F. Chadima <jchadima@redhat.com> - 7.6-66
|
||||||
|
- repair possible DOS in xgets
|
||||||
|
|
||||||
|
* Wed Aug 10 2011 Jan F. Chadima <jchadima@redhat.com> - 7.6-65
|
||||||
|
- Add partial relro support for libraries
|
||||||
|
|
||||||
|
* Tue May 24 2011 Jan F. Chadima <jchadima@redhat.com> - 7.6-64
|
||||||
|
- Improve the support for IPv4 /prefix notation (#698464)
|
||||||
|
|
||||||
|
* Wed May 4 2011 Jan F. Chadima <jchadima@redhat.com> - 7.6-61
|
||||||
|
- Add support for IPv4 /prefix notation (#698464)
|
||||||
|
|
||||||
|
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 7.6-60
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
|
||||||
|
|
||||||
|
* Wed Jun 16 2010 Jan F. Chadima <jchadima@redhat.com> - 7.6-59
|
||||||
|
- Add modified tcpdmatch (#604011)
|
||||||
|
|
||||||
|
* Fri Feb 5 2010 Jan F. Chadima <jchadima@redhat.com> - 7.6-58
|
||||||
|
- Add manual pages for safe_finger and try-from (#526190)
|
||||||
|
|
||||||
|
* Wed Jan 6 2010 Jan F. Chadima <jchadima@redhat.com> - 7.6-57
|
||||||
|
- Merge review (#226482)
|
||||||
|
|
||||||
|
* Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 7.6-56
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
|
||||||
|
|
||||||
|
* Tue Apr 14 2009 Jan F. Chadima <jchadima@redhat.com> - 7.6-55
|
||||||
|
- resolving addr when name == "" (repair of patch #220015)
|
||||||
|
|
||||||
|
* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 7.6-54
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
|
||||||
|
|
||||||
|
* Fri Aug 29 2008 Jan Safranek <jsafranek@redhat.com> - 7.6-53
|
||||||
|
- rediff all patches to get rid of patch fuzz
|
||||||
|
|
||||||
|
* Wed Feb 20 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 7.6-52
|
||||||
|
- Autorebuild for GCC 4.3
|
||||||
|
|
||||||
|
* Tue Oct 16 2007 Tomas Janousek <tjanouse@redhat.com> - 7.6-51
|
||||||
|
- review changes
|
||||||
|
|
||||||
|
* Fri Aug 24 2007 Tomas Janousek <tjanouse@redhat.com> - 7.6-50
|
||||||
|
- license tag update (and rebuild for BuildID, etc.)
|
||||||
|
- include docs in the -libs subpackage, as it is the only one installed on most
|
||||||
|
systems (and to comply with the license text)
|
||||||
|
|
||||||
|
* Wed Jul 25 2007 Tomas Janousek <tjanouse@redhat.com> - 7.6-49
|
||||||
|
- fix for a.b.c.d/255.255.255.255 - fixes #249430
|
||||||
|
|
||||||
|
* Thu Jun 28 2007 Tomas Janousek <tjanouse@redhat.com> - 7.6-48
|
||||||
|
- dropped the hostname resolving patch
|
||||||
|
- resolve the address given to hosts_ctl to hostname, if hostname not given
|
||||||
|
- compare localhost and localhost.localdomain as the same
|
||||||
|
- fixed a few compile warnings
|
||||||
|
|
||||||
|
* Wed Jun 06 2007 Tomas Janousek <tjanouse@redhat.com> - 7.6-47
|
||||||
|
- fix the hostname resolving patch for x86_64
|
||||||
|
|
||||||
|
* Mon May 28 2007 Tomas Janousek <tjanouse@redhat.com> - 7.6-46
|
||||||
|
- modified the fix for #112975 to fix #156373 as well
|
||||||
|
|
||||||
|
* Fri May 25 2007 Tomas Janousek <tjanouse@redhat.com> - 7.6-45
|
||||||
|
- unblock and catch SIGCHLD from spawned shell commands, fixes #112975
|
||||||
|
|
||||||
|
* Mon Apr 16 2007 Tomas Janousek <tjanouse@redhat.com> - 7.6-44
|
||||||
|
- added restore_sigalarm and siglongjmp patches from Debian, fixes #205129
|
||||||
|
|
||||||
|
* Fri Mar 09 2007 Tomas Janousek <tjanouse@redhat.com> - 7.6-43
|
||||||
|
- resolve hostnames in hosts.{allow,deny}, should fix a bunch of issues with
|
||||||
|
IPv4/6
|
||||||
|
|
||||||
|
* Thu Mar 08 2007 Tomas Janousek <tjanouse@redhat.com> - 7.6-42.1
|
||||||
|
- moved libwrap.so* to /lib
|
||||||
|
- removed the static library libwrap.a
|
||||||
|
|
||||||
|
* Mon Mar 05 2007 Tomas Janousek <tjanouse@redhat.com> - 7.6-42
|
||||||
|
- added Obsoletes field so that the upgrade goes cleanly
|
||||||
|
- added dist tag
|
||||||
|
|
||||||
|
* Mon Dec 4 2006 Thomas Woerner <twoerner@redhat.com> 7.6-41
|
||||||
|
- moved devel libraries, headers and man pages into devel sub package (#193188)
|
||||||
|
- new libs sub package for libraries
|
||||||
|
- using BuildRequires instead of BuildPreReq
|
||||||
|
|
||||||
|
* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 7.6-40.2.1
|
||||||
|
- rebuild
|
||||||
|
|
||||||
|
* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 7.6-40.2
|
||||||
|
- bump again for double-long bug on ppc(64)
|
||||||
|
|
||||||
|
* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 7.6-40.1
|
||||||
|
- rebuilt for new gcc4.1 snapshot and glibc changes
|
||||||
|
|
||||||
|
* Tue Jan 24 2006 Thomas Woerner <twoerner@redhat.com> 7.6-40
|
||||||
|
- fixed uninitialized fp in function inet_cfg (#162412)
|
||||||
|
|
||||||
|
* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
|
||||||
|
- rebuilt
|
||||||
|
|
||||||
|
* Fri May 6 2005 Thomas Woerner <twoerner@redhat.com> 7.6-39
|
||||||
|
- fixed sig patch (#141110). Thanks to Nikita Shulga for the patch
|
||||||
|
|
||||||
|
* Wed Feb 9 2005 Thomas Woerner <twoerner@redhat.com> 7.6-38
|
||||||
|
- rebuild
|
||||||
|
|
||||||
|
* Thu Oct 7 2004 Thomas Woerner <twoerner@redhat.com> 7.6-37.2
|
||||||
|
- new URL and spec file cleanup, patch from Robert Scheck
|
||||||
|
|
||||||
|
* Mon Oct 4 2004 Thomas Woerner <twoerner@redhat.com> 7.6-37.1
|
||||||
|
- rebuilt
|
||||||
|
|
||||||
|
* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
|
||||||
|
- rebuilt
|
||||||
|
|
||||||
|
* Fri Mar 5 2004 Thomas Woerner <twoerner@redhat.com> 7.6-36
|
||||||
|
- pied tcpd
|
||||||
|
|
||||||
|
* Tue Mar 02 2004 Elliot Lee <sopwith@redhat.com>
|
||||||
|
- rebuilt
|
||||||
|
|
||||||
|
* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
|
||||||
|
- rebuilt
|
||||||
|
|
||||||
|
* Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com>
|
||||||
|
- rebuilt
|
||||||
|
|
||||||
|
* Sun Feb 16 2003 Florian La Roche <Florian.LaRoche@redhat.de>
|
||||||
|
- use strerror #84312
|
||||||
|
|
||||||
|
* Tue Feb 11 2003 Harald Hoyer <harald@redhat.de> 7.6-33
|
||||||
|
- revert Nalins weak version
|
||||||
|
- link libwrap.so against libnsl, on which it depends
|
||||||
|
|
||||||
|
* Mon Feb 10 2003 Nalin Dahyabhai <nalin@redhat.com> 7.6-32
|
||||||
|
- link libwrap.so against libnsl, on which it depends
|
||||||
|
- add default (weak) versions of allow_severity and deny_severity to the shared
|
||||||
|
library so that configure tests can find it correctly
|
||||||
|
|
||||||
|
* Mon Feb 10 2003 Harald Hoyer <harald@redhat.de> 7.6-29
|
||||||
|
- shared library generated and added #75494
|
||||||
|
- added security patch tcp_wrappers-7.6-sig.patch
|
||||||
|
- compile and link with -fPIC -DPIC
|
||||||
|
|
||||||
|
* Wed Jan 22 2003 Tim Powers <timp@redhat.com>
|
||||||
|
- rebuilt
|
||||||
|
|
||||||
|
* Tue Jan 7 2003 Jeff Johnson <jbj@redhat.com> 7.6-25
|
||||||
|
- don't include -debuginfo files in package.
|
||||||
|
|
||||||
|
* Tue Nov 19 2002 Tim Powers <timp@redhat.com>
|
||||||
|
- rebuild on all arches
|
||||||
|
|
||||||
|
* Fri Jun 21 2002 Tim Powers <timp@redhat.com>
|
||||||
|
- automated rebuild
|
||||||
|
|
||||||
|
* Tue Jun 11 2002 Florian La Roche <Florian.LaRoche@redhat.de>
|
||||||
|
- fix #61192
|
||||||
|
- added Patch8 to fix #17847
|
||||||
|
- update IPv6 patch
|
||||||
|
|
||||||
|
* Thu May 23 2002 Tim Powers <timp@redhat.com>
|
||||||
|
- automated rebuild
|
||||||
|
|
||||||
|
* Wed Jan 09 2002 Tim Powers <timp@redhat.com>
|
||||||
|
- automated rebuild
|
||||||
|
|
||||||
|
* Sun Mar 11 2001 Pekka Savola <pekkas@netcore.fi>
|
||||||
|
- Add IPv6 patch from USAGI, enable it.
|
||||||
|
|
||||||
|
* Mon Feb 5 2001 Preston Brown <pbrown@redhat.com>
|
||||||
|
- fix gethostbyname to work better with dot "." notation (#16949)
|
||||||
|
|
||||||
|
* Sat Dec 30 2000 Jeff Johnson <jbj@redhat.com>
|
||||||
|
- permit hosts.{allow,deny} to be assembled from included components (#17795).
|
||||||
|
- permit '*' and '?' wildcard matches on hostnames (#17847).
|
||||||
|
|
||||||
|
* Sun Nov 19 2000 Bill Nottingham <notting@redhat.com>
|
||||||
|
- ia64 needs -fPIC too
|
||||||
|
|
||||||
|
* Mon Aug 14 2000 Jeff Johnson <jbj@redhat.com>
|
||||||
|
- remove utilities that expect /etc/inetd.conf (#16059).
|
||||||
|
|
||||||
|
* Thu Jul 27 2000 Jeff Johnson <jbj@redhat.com>
|
||||||
|
- security hardening (#11881).
|
||||||
|
|
||||||
|
* Wed Jul 12 2000 Prospector <bugzilla@redhat.com>
|
||||||
|
- automatic rebuild
|
||||||
|
|
||||||
|
* Tue Jun 6 2000 Jeff Johnson <jbj@redhat.com>
|
||||||
|
- FHS packaging.
|
||||||
|
|
||||||
|
* Tue May 16 2000 Chris Evans <chris@ferret.lmh.ox.ac.uk>
|
||||||
|
- Make tcpd mode -rwx--x--x as a security hardening measure
|
||||||
|
|
||||||
|
* Mon Feb 7 2000 Jeff Johnson <jbj@redhat.com>
|
||||||
|
- compress man pages.
|
||||||
|
|
||||||
|
* Mon Aug 23 1999 Jeff Johnson <jbj@redhat.com>
|
||||||
|
- add netgroup support (#3940).
|
||||||
|
|
||||||
|
* Wed May 26 1999 Jeff Johnson <jbj@redhat.com>
|
||||||
|
- compile on sparc with -fPIC.
|
||||||
|
|
||||||
|
* Sun Mar 21 1999 Cristian Gafton <gafton@redhat.com>
|
||||||
|
- auto rebuild in the new build environment (release 7)
|
||||||
|
|
||||||
|
* Wed Dec 30 1998 Cristian Gafton <gafton@redhat.com>
|
||||||
|
- build for glibc 2.1
|
||||||
|
|
||||||
|
* Sat Aug 22 1998 Jeff Johnson <jbj@redhat.com>
|
||||||
|
- close setenv bug (problem #690)
|
||||||
|
- spec file cleanup
|
||||||
|
|
||||||
|
* Thu Jun 25 1998 Alan Cox <alan@redhat.com>
|
||||||
|
- Erp where did the Dec 05 patch escape to
|
||||||
|
|
||||||
|
* Thu May 07 1998 Prospector System <bugs@redhat.com>
|
||||||
|
- translations modified for de, fr, tr
|
||||||
|
|
||||||
|
* Fri Dec 05 1997 Erik Troan <ewt@redhat.com>
|
||||||
|
- don't build setenv.o module -- it just breaks things
|
||||||
|
|
||||||
|
* Wed Oct 29 1997 Marc Ewing <marc@redhat.com>
|
||||||
|
- upgrade to 7.6
|
||||||
|
|
||||||
|
* Thu Jul 17 1997 Erik Troan <ewt@redhat.com>
|
||||||
|
- built against glibc
|
||||||
|
|
||||||
|
* Mon Mar 03 1997 Erik Troan <ewt@redhat.com>
|
||||||
|
- Upgraded to version 7.5
|
||||||
|
- Uses a build root
|
@ -0,0 +1,271 @@
|
|||||||
|
diff -up tcp_wrappers_7.6/fix_options.c.patch9 tcp_wrappers_7.6/fix_options.c
|
||||||
|
--- tcp_wrappers_7.6/fix_options.c.patch9 1997-04-08 02:29:19.000000000 +0200
|
||||||
|
+++ tcp_wrappers_7.6/fix_options.c 2008-08-29 09:45:12.000000000 +0200
|
||||||
|
@@ -11,6 +11,9 @@ static char sccsid[] = "@(#) fix_options
|
||||||
|
|
||||||
|
#include <sys/types.h>
|
||||||
|
#include <sys/param.h>
|
||||||
|
+#ifdef HAVE_IPV6
|
||||||
|
+#include <sys/socket.h>
|
||||||
|
+#endif
|
||||||
|
#include <netinet/in.h>
|
||||||
|
#include <netinet/in_systm.h>
|
||||||
|
#include <netinet/ip.h>
|
||||||
|
@@ -41,6 +44,22 @@ struct request_info *request;
|
||||||
|
unsigned int opt;
|
||||||
|
int optlen;
|
||||||
|
struct in_addr dummy;
|
||||||
|
+#ifdef HAVE_IPV6
|
||||||
|
+ struct sockaddr_storage ss;
|
||||||
|
+ int sslen;
|
||||||
|
+
|
||||||
|
+ /*
|
||||||
|
+ * check if this is AF_INET socket
|
||||||
|
+ * XXX IPv6 support?
|
||||||
|
+ */
|
||||||
|
+ sslen = sizeof(ss);
|
||||||
|
+ if (getsockname(fd, (struct sockaddr *)&ss, &sslen) < 0) {
|
||||||
|
+ syslog(LOG_ERR, "getpeername: %m");
|
||||||
|
+ clean_exit(request);
|
||||||
|
+ }
|
||||||
|
+ if (ss.ss_family != AF_INET)
|
||||||
|
+ return;
|
||||||
|
+#endif
|
||||||
|
|
||||||
|
if ((ip = getprotobyname("ip")) != 0)
|
||||||
|
ipproto = ip->p_proto;
|
||||||
|
diff -up tcp_wrappers_7.6/hosts_access.5.patch9 tcp_wrappers_7.6/hosts_access.5
|
||||||
|
--- tcp_wrappers_7.6/hosts_access.5.patch9 2008-08-29 09:45:12.000000000 +0200
|
||||||
|
+++ tcp_wrappers_7.6/hosts_access.5 2008-08-29 09:45:12.000000000 +0200
|
||||||
|
@@ -85,11 +85,18 @@ member of the specified netgroup. Netgro
|
||||||
|
for daemon process names or for client user names.
|
||||||
|
.IP \(bu
|
||||||
|
An expression of the form `n.n.n.n/m.m.m.m\' is interpreted as a
|
||||||
|
-`net/mask\' pair. A host address is matched if `net\' is equal to the
|
||||||
|
+`net/mask\' pair. An IPv4 host address is matched if `net\' is equal to the
|
||||||
|
bitwise AND of the address and the `mask\'. For example, the net/mask
|
||||||
|
pattern `131.155.72.0/255.255.254.0\' matches every address in the
|
||||||
|
range `131.155.72.0\' through `131.155.73.255\'.
|
||||||
|
.IP \(bu
|
||||||
|
+An expression of the form `[n:n:n:n:n:n:n:n/m]\' is interpreted as a
|
||||||
|
+`[net/prefixlen]\' pair. An IPv6 host address is matched if
|
||||||
|
+`prefixlen\' bits of `net\' is equal to the `prefixlen\' bits of the
|
||||||
|
+address. For example, the [net/prefixlen] pattern
|
||||||
|
+`[3ffe:505:2:1::/64]\' matches every address in the range
|
||||||
|
+`3ffe:505:2:1::\' through `3ffe:505:2:1:ffff:ffff:ffff:ffff\'.
|
||||||
|
+.IP \(bu
|
||||||
|
A string that begins with a `/\' character is treated as a file
|
||||||
|
name. A host name or address is matched if it matches any host name
|
||||||
|
or address pattern listed in the named file. The file format is
|
||||||
|
diff -up tcp_wrappers_7.6/inetcf.c.patch9 tcp_wrappers_7.6/inetcf.c
|
||||||
|
--- tcp_wrappers_7.6/inetcf.c.patch9 1997-02-12 02:13:24.000000000 +0100
|
||||||
|
+++ tcp_wrappers_7.6/inetcf.c 2008-08-29 09:45:12.000000000 +0200
|
||||||
|
@@ -26,6 +26,9 @@ extern void exit();
|
||||||
|
* guesses. Shorter names follow longer ones.
|
||||||
|
*/
|
||||||
|
char *inet_files[] = {
|
||||||
|
+#ifdef HAVE_IPV6
|
||||||
|
+ "/usr/local/v6/etc/inet6d.conf", /* KAME */
|
||||||
|
+#endif
|
||||||
|
"/private/etc/inetd.conf", /* NEXT */
|
||||||
|
"/etc/inet/inetd.conf", /* SYSV4 */
|
||||||
|
"/usr/etc/inetd.conf", /* IRIX?? */
|
||||||
|
diff -up tcp_wrappers_7.6/Makefile.patch9 tcp_wrappers_7.6/Makefile
|
||||||
|
--- tcp_wrappers_7.6/Makefile.patch9 2013-01-25 10:53:33.891349937 +0100
|
||||||
|
+++ tcp_wrappers_7.6/Makefile 2013-01-25 11:00:57.362801588 +0100
|
||||||
|
@@ -21,7 +21,7 @@ what:
|
||||||
|
@echo " dynix epix esix freebsd hpux irix4 irix5 irix6 isc iunix"
|
||||||
|
@echo " linux machten mips(untested) ncrsvr4 netbsd next osf power_unix_211"
|
||||||
|
@echo " ptx-2.x ptx-generic pyramid sco sco-nis sco-od2 sco-os5 sinix sunos4"
|
||||||
|
- @echo " sunos40 sunos5 sysv4 tandem ultrix unicos7 unicos8 unixware1 unixware2"
|
||||||
|
+ @echo " sunos40 sunos5 solaris8 sysv4 tandem ultrix unicos7 unicos8 unixware1 unixware2"
|
||||||
|
@echo " uts215 uxp"
|
||||||
|
@echo
|
||||||
|
@echo "If none of these match your environment, edit the system"
|
||||||
|
@@ -138,13 +138,25 @@ epix:
|
||||||
|
|
||||||
|
freebsd:
|
||||||
|
@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
|
||||||
|
+ LIBS="-L/usr/local/v6/lib -linet6" \
|
||||||
|
LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ= NETGROUP= TLI= \
|
||||||
|
- EXTRA_CFLAGS=-DUSE_STRERROR VSYSLOG= all
|
||||||
|
+ EXTRA_CFLAGS="-DUSE_STRERROR -Dss_family=__ss_family -Dss_len=__ss_len" VSYSLOG= all
|
||||||
|
+
|
||||||
|
+netbsd:
|
||||||
|
+ @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
|
||||||
|
+ LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ= NETGROUP= TLI= \
|
||||||
|
+ EXTRA_CFLAGS="-DSYS_ERRLIST_DEFINED -Dss_family=__ss_family -Dss_len=__ss_len" VSYSLOG= all
|
||||||
|
|
||||||
|
linux:
|
||||||
|
@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
|
||||||
|
LIBS="-lnsl" RANLIB=ranlib ARFLAGS=rv AUX_OBJ= \
|
||||||
|
- NETGROUP="-DNETGROUP" TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DUSE_STRERROR -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER" all
|
||||||
|
+ NETGROUP="-DNETGROUP" TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DUSE_STRERROR -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER -Dss_family=__ss_family -Dss_len=__ss_len" all
|
||||||
|
+
|
||||||
|
+linux-old:
|
||||||
|
+ @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
|
||||||
|
+ LIBS="/usr/inet6/lib/libinet6.a -lresolv" \
|
||||||
|
+ RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o NETGROUP= TLI= \
|
||||||
|
+ EXTRA_CFLAGS="-DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER -Dss_family=sin6_family -Dsockaddr_storage=sockaddr_in6 -I/usr/inet6/include" all
|
||||||
|
|
||||||
|
# This is good for many SYSV+BSD hybrids with NIS, probably also for HP-UX 7.x.
|
||||||
|
hpux hpux8 hpux9 hpux10:
|
||||||
|
@@ -197,6 +209,13 @@ sunos5:
|
||||||
|
BUGS="$(BUGS) -DSOLARIS_24_GETHOSTBYNAME_BUG" IPV6="$(IPV6)" \
|
||||||
|
EXTRA_CFLAGS=-DUSE_STRERROR all
|
||||||
|
|
||||||
|
+# SunOS 5.8 is another SYSV4 variant, but has IPv6 support
|
||||||
|
+solaris8:
|
||||||
|
+ @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
|
||||||
|
+ LIBS="-lsocket -lnsl" RANLIB=echo ARFLAGS=rv VSYSLOG= \
|
||||||
|
+ NETGROUP=-DNETGROUP AUX_OBJ=setenv.o TLI=-DTLI \
|
||||||
|
+ EXTRA_CFLAGS="-DNO_CLONE_DEVICE -DINT32_T" all
|
||||||
|
+
|
||||||
|
# Generic SYSV40
|
||||||
|
esix sysv4:
|
||||||
|
@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
|
||||||
|
@@ -392,7 +411,7 @@ AR = ar
|
||||||
|
# the ones provided with this source distribution. The environ.c module
|
||||||
|
# implements setenv(), getenv(), and putenv().
|
||||||
|
|
||||||
|
-AUX_OBJ= setenv.o
|
||||||
|
+#AUX_OBJ= setenv.o
|
||||||
|
#AUX_OBJ= environ.o
|
||||||
|
#AUX_OBJ= environ.o strcasecmp.o
|
||||||
|
|
||||||
|
@@ -455,7 +474,7 @@ AUX_OBJ= setenv.o
|
||||||
|
# host name aliases. Compile with -DSOLARIS_24_GETHOSTBYNAME_BUG to work
|
||||||
|
# around this. The workaround does no harm on other Solaris versions.
|
||||||
|
|
||||||
|
-BUGS = -DGETPEERNAME_BUG -DBROKEN_FGETS -DLIBC_CALLS_STRTOK
|
||||||
|
+#BUGS = -DGETPEERNAME_BUG -DBROKEN_FGETS -DLIBC_CALLS_STRTOK
|
||||||
|
#BUGS = -DGETPEERNAME_BUG -DBROKEN_FGETS -DINET_ADDR_BUG
|
||||||
|
#BUGS = -DGETPEERNAME_BUG -DBROKEN_FGETS -DSOLARIS_24_GETHOSTBYNAME_BUG
|
||||||
|
|
||||||
|
@@ -473,7 +492,7 @@ BUGS = -DGETPEERNAME_BUG -DBROKEN_FGETS
|
||||||
|
# If your system supports vsyslog(), comment out the following definition.
|
||||||
|
# If in doubt leave it in, it won't harm.
|
||||||
|
|
||||||
|
-VSYSLOG = -Dvsyslog=myvsyslog
|
||||||
|
+#VSYSLOG = -Dvsyslog=myvsyslog
|
||||||
|
|
||||||
|
###############################################################
|
||||||
|
# System dependencies: whether or not your system has IPV6
|
||||||
|
@@ -485,7 +504,7 @@ VSYSLOG = -Dvsyslog=myvsyslog
|
||||||
|
|
||||||
|
# If your system does not have getipnodebyname() but uses the obsolete
|
||||||
|
# gethostbyname2() instead, use this (AIX)
|
||||||
|
-# IPV6 = -DHAVE_IPV6 -DUSE_GETHOSTBYNAME2
|
||||||
|
+IPV6 = -DHAVE_IPV6 -DUSE_GETHOSTBYNAME2
|
||||||
|
|
||||||
|
# End of the system dependencies.
|
||||||
|
#################################
|
||||||
|
diff -up tcp_wrappers_7.6/misc.c.patch9 tcp_wrappers_7.6/misc.c
|
||||||
|
--- tcp_wrappers_7.6/misc.c.patch9 1996-02-11 17:01:30.000000000 +0100
|
||||||
|
+++ tcp_wrappers_7.6/misc.c 2008-08-29 09:45:12.000000000 +0200
|
||||||
|
@@ -58,9 +58,31 @@ int delimiter;
|
||||||
|
{
|
||||||
|
char *cp;
|
||||||
|
|
||||||
|
+#ifdef HAVE_IPV6
|
||||||
|
+ int bracket = 0;
|
||||||
|
+
|
||||||
|
+ for (cp = string; cp && *cp; cp++) {
|
||||||
|
+ switch (*cp) {
|
||||||
|
+ case '[':
|
||||||
|
+ bracket++;
|
||||||
|
+ break;
|
||||||
|
+ case ']':
|
||||||
|
+ bracket--;
|
||||||
|
+ break;
|
||||||
|
+ default:
|
||||||
|
+ if (bracket == 0 && *cp == delimiter) {
|
||||||
|
+ *cp++ = 0;
|
||||||
|
+ return cp;
|
||||||
|
+ }
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ return (NULL);
|
||||||
|
+#else
|
||||||
|
if ((cp = strchr(string, delimiter)) != 0)
|
||||||
|
*cp++ = 0;
|
||||||
|
return (cp);
|
||||||
|
+#endif
|
||||||
|
}
|
||||||
|
|
||||||
|
/* dot_quad_addr - convert dotted quad to internal form */
|
||||||
|
diff -up tcp_wrappers_7.6/refuse.c.patch9 tcp_wrappers_7.6/refuse.c
|
||||||
|
--- tcp_wrappers_7.6/refuse.c.patch9 1994-12-28 17:42:40.000000000 +0100
|
||||||
|
+++ tcp_wrappers_7.6/refuse.c 2008-08-29 09:45:12.000000000 +0200
|
||||||
|
@@ -25,7 +25,12 @@ static char sccsid[] = "@(#) refuse.c 1.
|
||||||
|
void refuse(request)
|
||||||
|
struct request_info *request;
|
||||||
|
{
|
||||||
|
+#ifdef HAVE_IPV6
|
||||||
|
+ syslog(deny_severity, "refused connect from %s (%s)",
|
||||||
|
+ eval_client(request), eval_hostaddr(request->client));
|
||||||
|
+#else
|
||||||
|
syslog(deny_severity, "refused connect from %s", eval_client(request));
|
||||||
|
+#endif
|
||||||
|
clean_exit(request);
|
||||||
|
/* NOTREACHED */
|
||||||
|
}
|
||||||
|
diff -up tcp_wrappers_7.6/rfc931.c.patch9 tcp_wrappers_7.6/rfc931.c
|
||||||
|
--- tcp_wrappers_7.6/rfc931.c.patch9 2004-05-04 16:01:01.000000000 +0200
|
||||||
|
+++ tcp_wrappers_7.6/rfc931.c 2013-01-25 11:08:26.690292897 +0100
|
||||||
|
@@ -94,6 +94,12 @@ char *dest;
|
||||||
|
* sockets.
|
||||||
|
*/
|
||||||
|
|
||||||
|
+ /* address family must be the same */
|
||||||
|
+ if (SGFAM(rmt_sin) != SGFAM(our_sin)) {
|
||||||
|
+ STRN_CPY(dest, result, STRING_LENGTH);
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
if ((fp = fsocket(SGFAM(rmt_sin), SOCK_STREAM, 0)) != 0) {
|
||||||
|
setbuf(fp, (char *) 0);
|
||||||
|
|
||||||
|
diff -up tcp_wrappers_7.6/tcpd.c.patch9 tcp_wrappers_7.6/tcpd.c
|
||||||
|
--- tcp_wrappers_7.6/tcpd.c.patch9 2008-08-29 09:45:12.000000000 +0200
|
||||||
|
+++ tcp_wrappers_7.6/tcpd.c 2008-08-29 09:45:12.000000000 +0200
|
||||||
|
@@ -120,7 +120,12 @@ char **argv;
|
||||||
|
|
||||||
|
/* Report request and invoke the real daemon program. */
|
||||||
|
|
||||||
|
+#ifdef HAVE_IPV6
|
||||||
|
+ syslog(allow_severity, "connect from %s (%s)",
|
||||||
|
+ eval_client(&request), eval_hostaddr(request.client));
|
||||||
|
+#else
|
||||||
|
syslog(allow_severity, "connect from %s", eval_client(&request));
|
||||||
|
+#endif
|
||||||
|
closelog();
|
||||||
|
(void) execv(path, argv);
|
||||||
|
syslog(LOG_ERR, "error: cannot execute %s: %m", path);
|
||||||
|
diff -up tcp_wrappers_7.6/workarounds.c.patch9 tcp_wrappers_7.6/workarounds.c
|
||||||
|
--- tcp_wrappers_7.6/workarounds.c.patch9 1996-03-19 16:22:26.000000000 +0100
|
||||||
|
+++ tcp_wrappers_7.6/workarounds.c 2008-08-29 09:45:12.000000000 +0200
|
||||||
|
@@ -166,11 +166,22 @@ struct sockaddr *sa;
|
||||||
|
int *len;
|
||||||
|
{
|
||||||
|
int ret;
|
||||||
|
+#ifdef HAVE_IPV6
|
||||||
|
+ struct sockaddr *sin = sa;
|
||||||
|
+#else
|
||||||
|
struct sockaddr_in *sin = (struct sockaddr_in *) sa;
|
||||||
|
+#endif
|
||||||
|
|
||||||
|
if ((ret = getpeername(sock, sa, len)) >= 0
|
||||||
|
+#ifdef HAVE_IPV6
|
||||||
|
+ && ((sin->su_si.si_family == AF_INET6
|
||||||
|
+ && IN6_IS_ADDR_UNSPECIFIED(&sin->su_sin6.sin6_addr))
|
||||||
|
+ || (sin->su_si.si_family == AF_INET
|
||||||
|
+ && sin->su_sin.sin_addr.s_addr == 0))) {
|
||||||
|
+#else
|
||||||
|
&& sa->sa_family == AF_INET
|
||||||
|
&& sin->sin_addr.s_addr == 0) {
|
||||||
|
+#endif
|
||||||
|
errno = ENOTCONN;
|
||||||
|
return (-1);
|
||||||
|
} else {
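Review bot: In the fix_options.c hunk the added `if (ss.ss_family != AF_INET) return;` leaves the function before any of the IP option handling that presumably follows, so IPv6 sockets are not inspected at all, which the `XXX IPv6 support?` comment only hints at. The comment should say so outright, e.g. `/* non-AF_INET sockets are NOT checked here; IPv6 routing headers must be filtered elsewhere */`, so that whoever deploys the package knows the protection is IPv4-only. The failure branch logs `"getpeername: %m"` although the call that failed is `getsockname()`; it should read `syslog(LOG_ERR, "getsockname: %m");` so the log points at the right call. `sslen` is declared `int` but is passed by address as the length argument of `getsockname()`; `socklen_t sslen;` would match the prototype where that type is available. The function body starts and ends outside the hunk.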
|
@ -0,0 +1,14 @@
|
|||||||
|
diff -up tcp_wrappers_7.6/hosts_access.c.patch22 tcp_wrappers_7.6/hosts_access.c
|
||||||
|
--- tcp_wrappers_7.6/hosts_access.c.patch22 2008-08-29 09:45:12.000000000 +0200
|
||||||
|
+++ tcp_wrappers_7.6/hosts_access.c 2008-08-29 09:45:12.000000000 +0200
|
||||||
|
@@ -419,7 +419,9 @@ char *string;
|
||||||
|
if ((addr = dot_quad_addr(string)) == INADDR_NONE)
|
||||||
|
return (NO);
|
||||||
|
if ((net = dot_quad_addr(net_tok)) == INADDR_NONE
|
||||||
|
- || (mask = dot_quad_addr(mask_tok)) == INADDR_NONE) {
|
||||||
|
+ || ((mask = dot_quad_addr(mask_tok)) == INADDR_NONE
|
||||||
|
+ && strcmp(mask_tok, "255.255.255.255"))) {
|
||||||
|
+ /* 255.255.255.255 == INADDR_NONE, separate check needed. TJ. */
|
||||||
|
tcpd_warn("bad net/mask expression: %s/%s", net_tok, mask_tok);
|
||||||
|
return (NO); /* not tcpd_jump() */
|
||||||
|
}
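Review bot: The new mask test uses a bare `strcmp(mask_tok, "255.255.255.255")` as a truth value, where the `STR_NE` macro this code base appears to use for string comparisons would state the intent directly: `&& STR_NE(mask_tok, "255.255.255.255"))) {`. The explanatory comment sits inside the error branch, where it reads as a remark on the warning rather than on the condition; it belongs above the `if`, e.g. `/* dot_quad_addr() also yields INADDR_NONE for 255.255.255.255, so accept that literal mask explicitly */`. Only that exact spelling is let through, and every other input that yields INADDR_NONE still ends in `return (NO)`, so the check fails closed. The enclosing function starts and ends outside the hunk.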
|
@ -0,0 +1,94 @@
|
|||||||
|
diff -up tcp_wrappers_7.6/Makefile.patch1 tcp_wrappers_7.6/Makefile
|
||||||
|
--- tcp_wrappers_7.6/Makefile.patch1 1997-03-21 19:27:21.000000000 +0100
|
||||||
|
+++ tcp_wrappers_7.6/Makefile 2008-08-29 09:45:12.000000000 +0200
|
||||||
|
@@ -44,7 +44,7 @@ what:
|
||||||
|
#REAL_DAEMON_DIR=/usr/etc
|
||||||
|
#
|
||||||
|
# SysV.4 Solaris 2.x OSF AIX
|
||||||
|
-#REAL_DAEMON_DIR=/usr/sbin
|
||||||
|
+REAL_DAEMON_DIR=/usr/sbin
|
||||||
|
#
|
||||||
|
# BSD 4.4
|
||||||
|
#REAL_DAEMON_DIR=/usr/libexec
|
||||||
|
@@ -144,7 +144,7 @@ freebsd:
|
||||||
|
linux:
|
||||||
|
@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
|
||||||
|
LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o \
|
||||||
|
- NETGROUP= TLI= EXTRA_CFLAGS="-DBROKEN_SO_LINGER -DUSE_STRERROR" all
|
||||||
|
+ NETGROUP= TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DUSE_STRERROR -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER" all
|
||||||
|
|
||||||
|
# This is good for many SYSV+BSD hybrids with NIS, probably also for HP-UX 7.x.
|
||||||
|
hpux hpux8 hpux9 hpux10:
|
||||||
|
@@ -491,7 +491,7 @@ VSYSLOG = -Dvsyslog=myvsyslog
|
||||||
|
# Uncomment the next definition to turn on the language extensions
|
||||||
|
# (examples: allow, deny, banners, twist and spawn).
|
||||||
|
#
|
||||||
|
-#STYLE = -DPROCESS_OPTIONS # Enable language extensions.
|
||||||
|
+STYLE = -DPROCESS_OPTIONS # Enable language extensions.
|
||||||
|
|
||||||
|
################################################################
|
||||||
|
# Optional: Changing the default disposition of logfile records
|
||||||
|
@@ -514,7 +514,8 @@ VSYSLOG = -Dvsyslog=myvsyslog
|
||||||
|
#
|
||||||
|
# The LOG_XXX names below are taken from the /usr/include/syslog.h file.
|
||||||
|
|
||||||
|
-FACILITY= LOG_MAIL # LOG_MAIL is what most sendmail daemons use
|
||||||
|
+#FACILITY= LOG_MAIL # LOG_MAIL is what most sendmail daemons use
|
||||||
|
+FACILITY= LOG_AUTHPRIV # LOG_AUTHPRIV is more appropriate for RH 2.0
|
||||||
|
|
||||||
|
# The syslog priority at which successful connections are logged.
|
||||||
|
|
||||||
|
@@ -531,7 +532,7 @@ SEVERITY= LOG_INFO # LOG_INFO is normall
|
||||||
|
# and with Solaris < 2.4. APPEND_DOT will not work with hostnames taken
|
||||||
|
# from /etc/hosts or from NIS maps. It does work with DNS through NIS.
|
||||||
|
#
|
||||||
|
-# DOT= -DAPPEND_DOT
|
||||||
|
+DOT= -DAPPEND_DOT
|
||||||
|
|
||||||
|
##################################################
|
||||||
|
# Optional: Always attempt remote username lookups
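Review bot: `DOT= -DAPPEND_DOT` is switched on even though the unchanged comment directly above it says APPEND_DOT will not work with hostnames taken from /etc/hosts or from NIS maps. Clients known only through those sources would presumably fail the hostname lookup and stop matching name-based rules, and patch3 later builds in NIS netgroup support. If the setting is intended, say so next to it, e.g. `# Enabled in this build; names that exist only in /etc/hosts or NIS are affected by the caveat above.`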
|
||||||
|
@@ -551,7 +552,7 @@ SEVERITY= LOG_INFO # LOG_INFO is normall
|
||||||
|
# still do selective username lookups as documented in the hosts_access.5
|
||||||
|
# and hosts_options.5 manual pages (`nroff -man' format).
|
||||||
|
#
|
||||||
|
-#AUTH = -DALWAYS_RFC931
|
||||||
|
+AUTH = #-DALWAYS_RFC931
|
||||||
|
#
|
||||||
|
# The default username lookup timeout is 10 seconds. This may not be long
|
||||||
|
# enough for slow hosts or networks, but is enough to irritate PC users.
|
||||||
|
@@ -610,7 +611,7 @@ TABLES = -DHOSTS_DENY=\"/etc/hosts.deny\
|
||||||
|
# Paranoid mode implies hostname lookup. In order to disable hostname
|
||||||
|
# lookups altogether, see the next section.
|
||||||
|
|
||||||
|
-PARANOID= -DPARANOID
|
||||||
|
+PARANOID= #-DPARANOID
|
||||||
|
|
||||||
|
########################################
|
||||||
|
# Optional: turning off hostname lookups
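Review bot: `PARANOID= #-DPARANOID` turns off the compiled-in check with no word in the Makefile about the consequence, and the same holds for `HOSTNAME= #-DALWAYS_HOSTNAME` in the next hunk. As hosts_access(5) describes it, a build with -DPARANOID refuses clients whose name and address disagree before the access tables are read, so after this change that refusal happens only when a rule asks for it. I would record that beside the assignment, e.g. `# Paranoid mode off: use the PARANOID wildcard in hosts.deny to refuse name/address mismatches.` The comment block explaining this option starts above the hunk.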
|
||||||
|
@@ -623,7 +624,7 @@ PARANOID= -DPARANOID
|
||||||
|
# In order to perform selective hostname lookups, disable paranoid
|
||||||
|
# mode (see previous section) and comment out the following definition.
|
||||||
|
|
||||||
|
-HOSTNAME= -DALWAYS_HOSTNAME
|
||||||
|
+HOSTNAME= #-DALWAYS_HOSTNAME
|
||||||
|
|
||||||
|
#############################################
|
||||||
|
# Optional: Turning on host ADDRESS checking
|
||||||
|
@@ -649,7 +650,7 @@ HOSTNAME= -DALWAYS_HOSTNAME
|
||||||
|
# source-routed traffic in the kernel. Examples: 4.4BSD derivatives,
|
||||||
|
# Solaris 2.x, and Linux. See your system documentation for details.
|
||||||
|
#
|
||||||
|
-# KILL_OPT= -DKILL_IP_OPTIONS
|
||||||
|
+KILL_OPT= -DKILL_IP_OPTIONS
|
||||||
|
|
||||||
|
## End configuration options
|
||||||
|
############################
|
||||||
|
@@ -659,7 +660,7 @@ HOSTNAME= -DALWAYS_HOSTNAME
|
||||||
|
SHELL = /bin/sh
|
||||||
|
.c.o:; $(CC) $(CFLAGS) -c $*.c
|
||||||
|
|
||||||
|
-CFLAGS = -O -DFACILITY=$(FACILITY) $(ACCESS) $(PARANOID) $(NETGROUP) \
|
||||||
|
+CFLAGS = -DFACILITY=$(FACILITY) $(ACCESS) $(PARANOID) $(NETGROUP) \
|
||||||
|
$(BUGS) $(SYSTYPE) $(AUTH) $(UMASK) \
|
||||||
|
-DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" $(STYLE) $(KILL_OPT) \
|
||||||
|
-DSEVERITY=$(SEVERITY) -DRFC931_TIMEOUT=$(RFC931_TIMEOUT) \
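Review bot: Dropping `-O` from `CFLAGS` leaves optimisation entirely to `$(RPM_OPT_FLAGS)`, which only the `linux` target passes (through `EXTRA_CFLAGS`, second hunk of this patch) and which is likely empty outside an rpmbuild environment. A build run by hand would then compile this network-facing code unoptimised and without whatever hardening flags the distribution normally supplies that way. The `CFLAGS` definition continues past the hunk, so whether `$(EXTRA_CFLAGS)` is part of it cannot be checked here. A comment such as `# optimisation and hardening flags come from RPM_OPT_FLAGS via EXTRA_CFLAGS` would at least document the dependency.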
|
@ -0,0 +1,12 @@
|
|||||||
|
diff -up tcp_wrappers_7.6/Makefile.patch2 tcp_wrappers_7.6/Makefile
|
||||||
|
--- tcp_wrappers_7.6/Makefile.patch2 2008-08-29 09:45:12.000000000 +0200
|
||||||
|
+++ tcp_wrappers_7.6/Makefile 2008-08-29 09:45:12.000000000 +0200
|
||||||
|
@@ -143,7 +143,7 @@ freebsd:
|
||||||
|
|
||||||
|
linux:
|
||||||
|
@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
|
||||||
|
- LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o \
|
||||||
|
+ LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ= \
|
||||||
|
NETGROUP= TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DUSE_STRERROR -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER" all
|
||||||
|
|
||||||
|
# This is good for many SYSV+BSD hybrids with NIS, probably also for HP-UX 7.x.
|
@ -0,0 +1,14 @@
|
|||||||
|
diff -up tcp_wrappers_7.6/Makefile.patch3 tcp_wrappers_7.6/Makefile
|
||||||
|
--- tcp_wrappers_7.6/Makefile.patch3 2008-08-29 09:45:12.000000000 +0200
|
||||||
|
+++ tcp_wrappers_7.6/Makefile 2008-08-29 09:45:12.000000000 +0200
|
||||||
|
@@ -143,8 +143,8 @@ freebsd:
|
||||||
|
|
||||||
|
linux:
|
||||||
|
@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
|
||||||
|
- LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ= \
|
||||||
|
- NETGROUP= TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DUSE_STRERROR -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER" all
|
||||||
|
+ LIBS="-lnsl" RANLIB=ranlib ARFLAGS=rv AUX_OBJ= \
|
||||||
|
+ NETGROUP="-DNETGROUP" TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DUSE_STRERROR -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER" all
|
||||||
|
|
||||||
|
# This is good for many SYSV+BSD hybrids with NIS, probably also for HP-UX 7.x.
|
||||||
|
hpux hpux8 hpux9 hpux10:
|