diff -up tcp_wrappers_7.6/fix_options.c.patch9 tcp_wrappers_7.6/fix_options.c --- tcp_wrappers_7.6/fix_options.c.patch9 1997-04-08 02:29:19.000000000 +0200 +++ tcp_wrappers_7.6/fix_options.c 2008-08-29 09:45:12.000000000 +0200 @@ -11,6 +11,9 @@ static char sccsid[] = "@(#) fix_options #include #include +#ifdef HAVE_IPV6 +#include +#endif #include #include #include @@ -41,6 +44,22 @@ struct request_info *request; unsigned int opt; int optlen; struct in_addr dummy; +#ifdef HAVE_IPV6 + struct sockaddr_storage ss; + int sslen; + + /* + * check if this is AF_INET socket + * XXX IPv6 support? + */ + sslen = sizeof(ss); + if (getsockname(fd, (struct sockaddr *)&ss, &sslen) < 0) { + syslog(LOG_ERR, "getpeername: %m"); + clean_exit(request); + } + if (ss.ss_family != AF_INET) + return; +#endif if ((ip = getprotobyname("ip")) != 0) ipproto = ip->p_proto; diff -up tcp_wrappers_7.6/hosts_access.5.patch9 tcp_wrappers_7.6/hosts_access.5 --- tcp_wrappers_7.6/hosts_access.5.patch9 2008-08-29 09:45:12.000000000 +0200 +++ tcp_wrappers_7.6/hosts_access.5 2008-08-29 09:45:12.000000000 +0200 @@ -85,11 +85,18 @@ member of the specified netgroup. Netgro for daemon process names or for client user names. .IP \(bu An expression of the form `n.n.n.n/m.m.m.m\' is interpreted as a -`net/mask\' pair. A host address is matched if `net\' is equal to the +`net/mask\' pair. An IPv4 host address is matched if `net\' is equal to the bitwise AND of the address and the `mask\'. For example, the net/mask pattern `131.155.72.0/255.255.254.0\' matches every address in the range `131.155.72.0\' through `131.155.73.255\'. .IP \(bu +An expression of the form `[n:n:n:n:n:n:n:n/m]\' is interpreted as a +`[net/prefixlen]\' pair. An IPv6 host address is matched if +`prefixlen\' bits of `net\' is equal to the `prefixlen\' bits of the +address. For example, the [net/prefixlen] pattern +`[3ffe:505:2:1::/64]\' matches every address in the range +`3ffe:505:2:1::\' through `3ffe:505:2:1:ffff:ffff:ffff:ffff\'. +.IP \(bu A string that begins with a `/\' character is treated as a file name. A host name or address is matched if it matches any host name or address pattern listed in the named file. The file format is diff -up tcp_wrappers_7.6/inetcf.c.patch9 tcp_wrappers_7.6/inetcf.c --- tcp_wrappers_7.6/inetcf.c.patch9 1997-02-12 02:13:24.000000000 +0100 +++ tcp_wrappers_7.6/inetcf.c 2008-08-29 09:45:12.000000000 +0200 @@ -26,6 +26,9 @@ extern void exit(); * guesses. Shorter names follow longer ones. */ char *inet_files[] = { +#ifdef HAVE_IPV6 + "/usr/local/v6/etc/inet6d.conf", /* KAME */ +#endif "/private/etc/inetd.conf", /* NEXT */ "/etc/inet/inetd.conf", /* SYSV4 */ "/usr/etc/inetd.conf", /* IRIX?? */ diff -up tcp_wrappers_7.6/Makefile.patch9 tcp_wrappers_7.6/Makefile --- tcp_wrappers_7.6/Makefile.patch9 2013-01-25 10:53:33.891349937 +0100 +++ tcp_wrappers_7.6/Makefile 2013-01-25 11:00:57.362801588 +0100 @@ -21,7 +21,7 @@ what: @echo " dynix epix esix freebsd hpux irix4 irix5 irix6 isc iunix" @echo " linux machten mips(untested) ncrsvr4 netbsd next osf power_unix_211" @echo " ptx-2.x ptx-generic pyramid sco sco-nis sco-od2 sco-os5 sinix sunos4" - @echo " sunos40 sunos5 sysv4 tandem ultrix unicos7 unicos8 unixware1 unixware2" + @echo " sunos40 sunos5 solaris8 sysv4 tandem ultrix unicos7 unicos8 unixware1 unixware2" @echo " uts215 uxp" @echo @echo "If none of these match your environment, edit the system" @@ -138,13 +138,25 @@ epix: freebsd: @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ + LIBS="-L/usr/local/v6/lib -linet6" \ LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ= NETGROUP= TLI= \ - EXTRA_CFLAGS=-DUSE_STRERROR VSYSLOG= all + EXTRA_CFLAGS="-DUSE_STRERROR -Dss_family=__ss_family -Dss_len=__ss_len" VSYSLOG= all + +netbsd: + @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ + LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ= NETGROUP= TLI= \ + EXTRA_CFLAGS="-DSYS_ERRLIST_DEFINED -Dss_family=__ss_family -Dss_len=__ss_len" VSYSLOG= all linux: @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ LIBS="-lnsl" RANLIB=ranlib ARFLAGS=rv AUX_OBJ= \ - NETGROUP="-DNETGROUP" TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DUSE_STRERROR -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER" all + NETGROUP="-DNETGROUP" TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DUSE_STRERROR -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER -Dss_family=__ss_family -Dss_len=__ss_len" all + +linux-old: + @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ + LIBS="/usr/inet6/lib/libinet6.a -lresolv" \ + RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o NETGROUP= TLI= \ + EXTRA_CFLAGS="-DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER -Dss_family=sin6_family -Dsockaddr_storage=sockaddr_in6 -I/usr/inet6/include" all # This is good for many SYSV+BSD hybrids with NIS, probably also for HP-UX 7.x. hpux hpux8 hpux9 hpux10: @@ -197,6 +209,13 @@ sunos5: BUGS="$(BUGS) -DSOLARIS_24_GETHOSTBYNAME_BUG" IPV6="$(IPV6)" \ EXTRA_CFLAGS=-DUSE_STRERROR all +# SunOS 5.8 is another SYSV4 variant, but has IPv6 support +solaris8: + @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ + LIBS="-lsocket -lnsl" RANLIB=echo ARFLAGS=rv VSYSLOG= \ + NETGROUP=-DNETGROUP AUX_OBJ=setenv.o TLI=-DTLI \ + EXTRA_CFLAGS="-DNO_CLONE_DEVICE -DINT32_T" all + # Generic SYSV40 esix sysv4: @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ @@ -392,7 +411,7 @@ AR = ar # the ones provided with this source distribution. The environ.c module # implements setenv(), getenv(), and putenv(). -AUX_OBJ= setenv.o +#AUX_OBJ= setenv.o #AUX_OBJ= environ.o #AUX_OBJ= environ.o strcasecmp.o @@ -455,7 +474,7 @@ AUX_OBJ= setenv.o # host name aliases. Compile with -DSOLARIS_24_GETHOSTBYNAME_BUG to work # around this. The workaround does no harm on other Solaris versions. -BUGS = -DGETPEERNAME_BUG -DBROKEN_FGETS -DLIBC_CALLS_STRTOK +#BUGS = -DGETPEERNAME_BUG -DBROKEN_FGETS -DLIBC_CALLS_STRTOK #BUGS = -DGETPEERNAME_BUG -DBROKEN_FGETS -DINET_ADDR_BUG #BUGS = -DGETPEERNAME_BUG -DBROKEN_FGETS -DSOLARIS_24_GETHOSTBYNAME_BUG @@ -473,7 +492,7 @@ BUGS = -DGETPEERNAME_BUG -DBROKEN_FGETS # If your system supports vsyslog(), comment out the following definition. # If in doubt leave it in, it won't harm. -VSYSLOG = -Dvsyslog=myvsyslog +#VSYSLOG = -Dvsyslog=myvsyslog ############################################################### # System dependencies: whether or not your system has IPV6 @@ -485,7 +504,7 @@ VSYSLOG = -Dvsyslog=myvsyslog # If your system does not have getipnodebyname() but uses the obsolete # gethostbyname2() instead, use this (AIX) -# IPV6 = -DHAVE_IPV6 -DUSE_GETHOSTBYNAME2 +IPV6 = -DHAVE_IPV6 -DUSE_GETHOSTBYNAME2 # End of the system dependencies. ################################# diff -up tcp_wrappers_7.6/misc.c.patch9 tcp_wrappers_7.6/misc.c --- tcp_wrappers_7.6/misc.c.patch9 1996-02-11 17:01:30.000000000 +0100 +++ tcp_wrappers_7.6/misc.c 2008-08-29 09:45:12.000000000 +0200 @@ -58,9 +58,31 @@ int delimiter; { char *cp; +#ifdef HAVE_IPV6 + int bracket = 0; + + for (cp = string; cp && *cp; cp++) { + switch (*cp) { + case '[': + bracket++; + break; + case ']': + bracket--; + break; + default: + if (bracket == 0 && *cp == delimiter) { + *cp++ = 0; + return cp; + } + break; + } + } + return (NULL); +#else if ((cp = strchr(string, delimiter)) != 0) *cp++ = 0; return (cp); +#endif } /* dot_quad_addr - convert dotted quad to internal form */ diff -up tcp_wrappers_7.6/refuse.c.patch9 tcp_wrappers_7.6/refuse.c --- tcp_wrappers_7.6/refuse.c.patch9 1994-12-28 17:42:40.000000000 +0100 +++ tcp_wrappers_7.6/refuse.c 2008-08-29 09:45:12.000000000 +0200 @@ -25,7 +25,12 @@ static char sccsid[] = "@(#) refuse.c 1. void refuse(request) struct request_info *request; { +#ifdef HAVE_IPV6 + syslog(deny_severity, "refused connect from %s (%s)", + eval_client(request), eval_hostaddr(request->client)); +#else syslog(deny_severity, "refused connect from %s", eval_client(request)); +#endif clean_exit(request); /* NOTREACHED */ } diff -up tcp_wrappers_7.6/rfc931.c.patch9 tcp_wrappers_7.6/rfc931.c --- tcp_wrappers_7.6/rfc931.c.patch9 2004-05-04 16:01:01.000000000 +0200 +++ tcp_wrappers_7.6/rfc931.c 2013-01-25 11:08:26.690292897 +0100 @@ -94,6 +94,12 @@ char *dest; * sockets. */ + /* address family must be the same */ + if (SGFAM(rmt_sin) != SGFAM(our_sin)) { + STRN_CPY(dest, result, STRING_LENGTH); + return; + } + if ((fp = fsocket(SGFAM(rmt_sin), SOCK_STREAM, 0)) != 0) { setbuf(fp, (char *) 0); diff -up tcp_wrappers_7.6/tcpd.c.patch9 tcp_wrappers_7.6/tcpd.c --- tcp_wrappers_7.6/tcpd.c.patch9 2008-08-29 09:45:12.000000000 +0200 +++ tcp_wrappers_7.6/tcpd.c 2008-08-29 09:45:12.000000000 +0200 @@ -120,7 +120,12 @@ char **argv; /* Report request and invoke the real daemon program. */ +#ifdef HAVE_IPV6 + syslog(allow_severity, "connect from %s (%s)", + eval_client(&request), eval_hostaddr(request.client)); +#else syslog(allow_severity, "connect from %s", eval_client(&request)); +#endif closelog(); (void) execv(path, argv); syslog(LOG_ERR, "error: cannot execute %s: %m", path); diff -up tcp_wrappers_7.6/workarounds.c.patch9 tcp_wrappers_7.6/workarounds.c --- tcp_wrappers_7.6/workarounds.c.patch9 1996-03-19 16:22:26.000000000 +0100 +++ tcp_wrappers_7.6/workarounds.c 2008-08-29 09:45:12.000000000 +0200 @@ -166,11 +166,22 @@ struct sockaddr *sa; int *len; { int ret; +#ifdef HAVE_IPV6 + struct sockaddr *sin = sa; +#else struct sockaddr_in *sin = (struct sockaddr_in *) sa; +#endif if ((ret = getpeername(sock, sa, len)) >= 0 +#ifdef HAVE_IPV6 + && ((sin->su_si.si_family == AF_INET6 + && IN6_IS_ADDR_UNSPECIFIED(&sin->su_sin6.sin6_addr)) + || (sin->su_si.si_family == AF_INET + && sin->su_sin.sin_addr.s_addr == 0))) { +#else && sa->sa_family == AF_INET && sin->sin_addr.s_addr == 0) { +#endif errno = ENOTCONN; return (-1); } else {