pool/tcpd
SHA256
2
0
Fork 2
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tcpd?expand=0&rev=1

Browse Source
This commit is contained in:
OBS User unknown 2006-12-18 23:17:59 +00:00 committed by Git OBS Bridge
commit d3cc9ca362
21 changed files with 2192 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
.osc

0
ready Normal file
View File

19
tcp_wrappers_7.6-builtin.diff Normal file
View File

@ -0,0 +1,19 @@
--- scaffold.c
+++ scaffold.c
@@ -20,6 +20,8 @@
#include <syslog.h>
#include <setjmp.h>
#include <string.h>
+#include <stdlib.h>
+
#if defined(INET6) && !defined(USE_GETIPNODEBY)
#include <resolv.h>
#endif
@@ -28,7 +30,6 @@
#define INADDR_NONE (-1) /* XXX should be 0xffffffff */
#endif
-extern char *malloc();
/* Application-specific. */

11
tcp_wrappers_7.6-fix_options-fix.diff Normal file
View File

@ -0,0 +1,11 @@
--- fix_options.c
+++ fix_options.c
@@ -53,7 +53,7 @@
* XXX IPv6 support?
*/
sslen = sizeof(ss);
- if (getsockname(fd, (struct sockaddr *)&ss, &sslen < 0)) {
+ if (getsockname(fd, (struct sockaddr *)&ss, &sslen) < 0) {
syslog(LOG_ERR, "getpeername: %m");
clean_exit(request);
}

27
tcp_wrappers_7.6-host_name_mapping-fix.diff Normal file
View File

@ -0,0 +1,27 @@
--- socket.c
+++ socket.c
@@ -270,7 +270,6 @@
res = res->ai_next;
}
- freeaddrinfo (resbase);
if (res == NULL)
{
@@ -279,6 +278,7 @@
host->name,
inet_ntop2 (sin6->sin6_family, &sin6->sin6_addr));
strncpy(host->name, paranoid, sizeof(host->name));
+ freeaddrinfo (resbase);
return;
}
@@ -289,7 +289,7 @@
host->name, res->ai_canonname,
inet_ntop2 (sin6->sin6_family, &sin6->sin6_addr));
}
-
+ freeaddrinfo (resbase);
return;
}
#else /* INET6 */

10
tcp_wrappers_7.6-hosts_ctl.diff Normal file
View File

@ -0,0 +1,10 @@
--- tcpd.h
+++ tcpd.h
@@ -128,6 +128,7 @@
#ifdef __STDC__
extern struct request_info *request_init(struct request_info *,...);
extern struct request_info *request_set(struct request_info *,...);
+extern int hosts_ctl(char *daemon, char *client_name, char *client_addr, char *client_user);
#else
extern struct request_info *request_init(); /* initialize request */
extern struct request_info *request_set(); /* update request structure */

3
tcp_wrappers_7.6-ipv6-1.6.diff.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:4cc4bdc5a86f2b7aaa8257507e19de5cc36fc8f128e815f44c33da017048971f
size 8070

961
tcp_wrappers_7.6-ipv6-fix.diff Normal file
View File

@ -0,0 +1,961 @@
#
# This patch makes tcpd/libwrap work with IPv6, IPv4 and
# mapped IPv4 addresses.
#
# The approach is "convert everything to IPv6". It means that
# any IPv4 address I ever met either in /etc/hosts.* or that I get from
# the socket is first converted to v4-mapped and then handled as if it was
# IPv6. This simplifies the logic very much and makes the code much
# cleaner. Prefixes are also supported in the form [3ffe:ffff::/48] as
# well as for IPv4 addresses.
#
# Made by Michal Ludvig <mludvig@suse.cz>, <michal@logix.cz>
# November , 2002
#
diff -upNr tcp_wrappers_7.6/hosts_access.c tcp_wrappers_7.6.mludvig/hosts_access.c
--- tcp_wrappers_7.6/hosts_access.c 2002-11-29 16:09:02.000000000 +0100
+++ tcp_wrappers_7.6.mludvig/hosts_access.c 2002-11-29 12:52:15.000000000 +0100
@@ -85,11 +85,6 @@ static int server_match();
static int client_match();
static int host_match();
static int string_match();
-static int masked_match();
-#ifdef INET6
-static int masked_match4();
-static int masked_match6();
-#endif
/* Size of logical line buffer. */
@@ -308,15 +303,17 @@ struct host_info *host;
} else if (STR_EQ(tok, "LOCAL")) { /* local: no dots in name */
char *name = eval_hostname(host);
return (strchr(name, '.') == 0 && HOSTNAME_KNOWN(name));
- } else if ((mask = split_at(tok, '/')) != 0) { /* net/mask */
- return (masked_match(tok, mask, eval_hostaddr(host)));
} else { /* anything else */
return (string_match(tok, eval_hostaddr(host))
|| (NOT_INADDR(tok) && string_match(tok, eval_hostname(host))));
}
}
-/* string_match - match string against pattern */
+/* string_match - match string against pattern
+ *
+ * tok = data read from /etc/hosts.*
+ * string = textual data of actual client
+ */
static int string_match(tok, string)
char *tok;
@@ -324,13 +321,6 @@ char *string;
{
int n;
-#ifdef INET6
- /* convert IPv4 mapped IPv6 address to IPv4 address */
- if (STRN_EQ(string, "::ffff:", 7)
- && dot_quad_addr(string + 7) != INADDR_NONE) {
- string += 7;
- }
-#endif
if (tok[0] == '.') { /* suffix */
n = strlen(string) - strlen(tok);
return (n > 0 && STR_EQ(tok, string + n));
@@ -340,122 +330,65 @@ char *string;
return (STR_NE(string, unknown));
} else if (tok[(n = strlen(tok)) - 1] == '.') { /* prefix */
return (STRN_EQ(tok, string, n));
- } else { /* exact match */
+ } else if (STR_EQ(tok, string)) /* exact match */
+ return (YES);
#ifdef INET6
+ else /* IP addresses match - not needed for IPv4 */
+ {
+ /* For simplicity we convert everything to IPv6 (or v4 mapped) */
struct in6_addr pat, addr;
- int len, ret;
- char ch;
-
+ int len, ret, prefixlen=128;
+ char ch, token[INET6_ADDRSTRLEN+1], *mask;
+
len = strlen(tok);
- if (*tok == '[' && tok[len - 1] == ']') {
- ch = tok[len - 1];
- tok[len - 1] = '\0';
- ret = inet_pton(AF_INET6, tok + 1, pat.s6_addr);
- tok[len - 1] = ch;
- if (ret != 1 || inet_pton(AF_INET6, string, addr.s6_addr) != 1)
- return NO;
- return (!memcmp(&pat, &addr, sizeof(struct in6_addr)));
+ if (*tok == '[' && tok[len - 1] == ']')
+ {
+ ch = tok[len - 1];
+ tok[len - 1] = '\0';
+ snprintf(token, sizeof(token), "%s", tok+1);
+ tok[len - 1] = ch;
+ }
+ else
+ snprintf(token, sizeof(token), "%s", tok);
+
+ /* If prefix was given, handle it */
+ if ((mask = split_at(token, '/')) != 0)
+ {
+ if (sscanf(mask, "%d", &prefixlen) != 1 || prefixlen < 0)
+ {
+ tcpd_warn ("Wrong prefix length in %s", tok);
+ return (NO);
+ }
+
+ if (is_v4_string (token))
+ prefixlen += 96; /* extend to v4mapped */
+
+ if (prefixlen > 128)
+ {
+ tcpd_warn ("Prefix too long in %s", tok);
+ return (NO);
+ }
+ }
+
+ memset (&pat, 0, sizeof(pat));
+ memset (&addr, 0, sizeof(addr));
+
+ if (inet_pton_mapped(AF_INET6, token, &pat) != 1)
+ return (NO);
+
+ if (inet_pton_mapped(AF_INET6, string, &addr) != 1)
+ {
+ tcpd_warn("Unable to handle client address: %s", string);
+ return (NO);
}
-#endif
- return (STR_EQ(tok, string));
- }
-}
-
-/* masked_match - match address against netnumber/netmask */
-
-#ifdef INET6
-static int masked_match(net_tok, mask_tok, string)
-char *net_tok;
-char *mask_tok;
-char *string;
-{
- return (masked_match4(net_tok, mask_tok, string) ||
- masked_match6(net_tok, mask_tok, string));
-}
-
-static int masked_match4(net_tok, mask_tok, string)
-#else
-static int masked_match(net_tok, mask_tok, string)
-#endif
-char *net_tok;
-char *mask_tok;
-char *string;
-{
-#ifdef INET6
- u_int32_t net;
- u_int32_t mask;
- u_int32_t addr;
-#else
- unsigned long net;
- unsigned long mask;
- unsigned long addr;
-#endif
-
- /*
- * Disallow forms other than dotted quad: the treatment that inet_addr()
- * gives to forms with less than four components is inconsistent with the
- * access control language. John P. Rouillard <rouilj@cs.umb.edu>.
- */
-
- if ((addr = dot_quad_addr(string)) == INADDR_NONE)
- return (NO);
- if ((net = dot_quad_addr(net_tok)) == INADDR_NONE
- || (mask = dot_quad_addr(mask_tok)) == INADDR_NONE) {
-#ifndef INET6
- tcpd_warn("bad net/mask expression: %s/%s", net_tok, mask_tok);
-#endif
- return (NO); /* not tcpd_jump() */
- }
- return ((addr & mask) == net);
-}
-
-#ifdef INET6
-static int masked_match6(net_tok, mask_tok, string)
-char *net_tok;
-char *mask_tok;
-char *string;
-{
- struct in6_addr net, addr;
- u_int32_t mask;
- int len, mask_len, i = 0;
- char ch;
-
- if (inet_pton(AF_INET6, string, addr.s6_addr) != 1)
- return NO;
-
- if (IN6_IS_ADDR_V4MAPPED(&addr)) {
- if ((*(u_int32_t *)&net.s6_addr[12] = dot_quad_addr(net_tok)) == INADDR_NONE
- || (mask = dot_quad_addr(mask_tok)) == INADDR_NONE)
- return (NO);
- return ((*(u_int32_t *)&addr.s6_addr[12] & mask) == *(u_int32_t *)&net.s6_addr[12]);
- }
- /* match IPv6 address against netnumber/prefixlen */
- len = strlen(net_tok);
- if (*net_tok != '[' || net_tok[len - 1] != ']')
- return NO;
- ch = net_tok[len - 1];
- net_tok[len - 1] = '\0';
- if (inet_pton(AF_INET6, net_tok + 1, net.s6_addr) != 1) {
- net_tok[len - 1] = ch;
- return NO;
- }
- net_tok[len - 1] = ch;
- if ((mask_len = atoi(mask_tok)) < 0 || mask_len > 128)
- return NO;
-
- while (mask_len > 0) {
- if (mask_len < 32) {
- mask = htonl(~(0xffffffff >> mask_len));
- if ((*(u_int32_t *)&addr.s6_addr[i] & mask) != (*(u_int32_t *)&net.s6_addr[i] & mask))
- return NO;
- break;
+ if (prefixlen < 128)
+ {
+ apply_v6_prefix (&pat, prefixlen);
+ apply_v6_prefix (&addr, prefixlen);
}
- if (*(u_int32_t *)&addr.s6_addr[i] != *(u_int32_t *)&net.s6_addr[i])
- return NO;
- i += 4;
- mask_len -= 32;
+
+ return (!memcmp(&pat, &addr, sizeof(struct in6_addr)));
}
- return YES;
+#endif
}
-#endif /* INET6 */
--- tcp_wrappers_7.6/socket.c 2002-11-29 16:08:40.000000000 +0100
+++ tcp_wrappers_7.6.mludvig/socket.c 2002-11-29 16:16:56.000000000 +0100
@@ -25,16 +25,12 @@ static char sccsid[] = "@(#) socket.c 1.
#include <sys/param.h>
#include <sys/socket.h>
#include <netinet/in.h>
+#include <arpa/inet.h>
#include <netdb.h>
#include <stdio.h>
#include <syslog.h>
#include <string.h>
-
-#ifdef INET6
-#ifndef USE_GETIPNODEBY
-#include <resolv.h>
-#endif
-#endif
+#include <errno.h>
extern char *inet_ntoa();
@@ -65,10 +61,10 @@ char *name;
*/
if (strchr(name, '.') == 0 || strlen(name) >= MAXHOSTNAMELEN - 1) {
- return (gethostbyname(name));
+ return (gethostbyname(name));
} else {
- sprintf(dot_name, "%s.", name);
- return (gethostbyname(dot_name));
+ sprintf(dot_name, "%s.", name);
+ return (gethostbyname(dot_name));
}
}
@@ -104,15 +100,15 @@ struct request_info *request;
len = sizeof(client);
if (getpeername(fd, (struct sockaddr *) & client, &len) < 0) {
- request->sink = sock_sink;
- len = sizeof(client);
- if (recvfrom(fd, buf, sizeof(buf), MSG_PEEK,
- (struct sockaddr *) & client, &len) < 0) {
- tcpd_warn("can't get client address: %m");
- return; /* give up */
- }
+ request->sink = sock_sink;
+ len = sizeof(client);
+ if (recvfrom(fd, buf, sizeof(buf), MSG_PEEK,
+ (struct sockaddr *) & client, &len) < 0) {
+ tcpd_warn("can't get client address: %m");
+ return; /* give up */
+ }
#ifdef really_paranoid
- memset(buf, 0 sizeof(buf));
+ memset(buf, 0 sizeof(buf));
#endif
}
#ifdef INET6
@@ -129,8 +125,8 @@ struct request_info *request;
len = sizeof(server);
if (getsockname(fd, (struct sockaddr *) & server, &len) < 0) {
- tcpd_warn("getsockname: %m");
- return;
+ tcpd_warn("getsockname: %m");
+ return;
}
#ifdef INET6
request->server->sin = (struct sockaddr *)&server;
@@ -150,18 +146,18 @@ struct host_info *host;
int alen;
if (!sin)
- return;
+ return;
switch (sin->sa_family) {
- case AF_INET:
- ap = (char *)&((struct sockaddr_in *)sin)->sin_addr;
- alen = sizeof(struct in_addr);
- break;
- case AF_INET6:
- ap = (char *)&((struct sockaddr_in6 *)sin)->sin6_addr;
- alen = sizeof(struct in6_addr);
- break;
- default:
- return;
+ case AF_INET:
+ ap = (char *)&((struct sockaddr_in *)sin)->sin_addr;
+ alen = sizeof(struct in_addr);
+ break;
+ case AF_INET6:
+ ap = (char *)&((struct sockaddr_in6 *)sin)->sin6_addr;
+ alen = sizeof(struct in6_addr);
+ break;
+ default:
+ return;
}
host->addr[0] = '\0';
inet_ntop(sin->sa_family, ap, host->addr, sizeof(host->addr));
@@ -169,30 +165,139 @@ struct host_info *host;
struct sockaddr_in *sin = host->sin;
if (sin != 0)
- STRN_CPY(host->addr, inet_ntoa(sin->sin_addr), sizeof(host->addr));
+ STRN_CPY(host->addr, inet_ntoa(sin->sin_addr), sizeof(host->addr));
#endif
}
+#ifdef INET6
/* sock_hostname - map endpoint address to host name */
+void
+sock_hostname(struct host_info *host)
+{
+ struct addrinfo hints, *res, *resbase;
+ struct sockaddr *sa = host->sin;
+ struct sockaddr_in6 *sin6, sin6buf;
+ int errcode;
+
+ if (!sa)
+ {
+ /* Unknown sockaddr => unable to verify */
+ tcpd_warn ("can't verify hostname: sockaddr == NULL");
+ strncpy(host->name, paranoid, sizeof(host->name));
+ return;
+ }
+
+ switch (sa->sa_family)
+ {
+ case AF_INET:
+ if (((struct sockaddr_in *)sa)->sin_addr.s_addr == 0)
+ {
+ /* Address 0.0.0.0 is invalid. */
+ tcpd_warn ("can't verify hostname of address %s",
+ inet_ntop2(sa->sa_family,
+ &((struct sockaddr_in *)sa)->sin_addr));
+ strncpy(host->name, paranoid, sizeof(host->name));
+ return;
+ }
+ sin6 = sa_map_v4_to_v6 ((struct sockaddr_in *)sa,
+ &sin6buf);
+ break;
+ case AF_INET6:
+ sin6 = (struct sockaddr_in6 *)sa;
+ break;
+ default:
+ /* Unknown protocol family. */
+ strncpy(host->name, paranoid, sizeof(host->name));
+ return;
+ }
+
+ /* First resolve address to name... */
+ if (getnameinfo ((struct sockaddr *)sin6, sizeof(*sin6),
+ host->name, sizeof(host->name),
+ NULL, 0, 0) < 0)
+ {
+ tcpd_warn ("can't verify hostname: getnameinfo(%s): %s",
+ inet_ntop2(sin6->sin6_family, &sin6->sin6_addr),
+ strerror(errno));
+ strncpy(host->name, paranoid, sizeof(host->name));
+ return;
+ }
+
+ /* Now resolve the name back to the address. Hopefully we'll
+ get the same one... */
+
+ memset (&hints, 0, sizeof(hints));
+
+ hints.ai_family = PF_UNSPEC;
+ hints.ai_socktype = SOCK_STREAM;
+ hints.ai_flags |= AI_CANONNAME;
+
+ errcode = getaddrinfo(host->name, NULL, &hints, &resbase);
+ if(errcode)
+ {
+ tcpd_warn ("can't verify hostname: getaddrinfo(%s): %s",
+ host->name,
+ gai_strerror(errcode));
+ strncpy(host->name, paranoid, sizeof(host->name));
+ return;
+ }
+
+ res = resbase;
+
+ /* Now walk through all reutrned addresses and see if at least one
+ is the same (or mmapped-same) as the incoming one. */
+ while(res)
+ {
+ struct sockaddr_in6 *sin6res, sin6resbuf;
+
+ switch (res->ai_family)
+ {
+ case AF_INET:
+ sin6res = sa_map_v4_to_v6 ((struct sockaddr_in *)res->ai_addr, &sin6resbuf);
+ break;
+ case AF_INET6:
+ sin6res = (struct sockaddr_in6 *)res->ai_addr;
+ break;
+ default:
+ res = res->ai_next;
+ continue;
+ }
+
+ if (memcmp (&sin6->sin6_addr, &sin6res->sin6_addr,
+ sizeof(sin6->sin6_addr)) == 0)
+ break;
+
+ res = res->ai_next;
+ }
+
+ freeaddrinfo (resbase);
+
+ if (res == NULL)
+ {
+ /* We walked through the list but didn't find a matching address. */
+ tcpd_warn ("can't verify hostname: getaddrinfo(%s) didn't return %s",
+ host->name,
+ inet_ntop2 (sin6->sin6_family, &sin6->sin6_addr));
+ strncpy(host->name, paranoid, sizeof(host->name));
+ return;
+ }
-void sock_hostname(host)
+ if (STR_NE (host->name, res->ai_canonname) && STR_NE(host->name, "localhost"))
+ {
+ /* We don't treat this as an error, though... */
+ tcpd_warn("host name mismatch: %s != %s (%s)",
+ host->name, res->ai_canonname,
+ inet_ntop2 (sin6->sin6_family, &sin6->sin6_addr));
+ }
+
+ return;
+}
+#else /* INET6 */
+void sock_hostname(host)
struct host_info *host;
{
-#ifdef INET6
- struct sockaddr *sin = host->sin;
- char addr[128];
-#ifdef USE_GETIPNODEBY
- int h_error;
-#else
- u_long res_options;
-#endif
- struct hostent *hp = NULL;
- char *ap;
- int alen;
-#else
struct sockaddr_in *sin = host->sin;
struct hostent *hp;
-#endif
int i;
/*
@@ -202,163 +307,76 @@ struct host_info *host;
* have to special-case 0.0.0.0, in order to avoid false alerts from the
* host name/address checking code below.
*/
-#ifdef INET6
- if (sin != NULL) {
- switch (sin->sa_family) {
- case AF_INET:
- if (((struct sockaddr_in *)sin)->sin_addr.s_addr == 0) {
- strcpy(host->name, paranoid); /* name is bad, clobber it */
- return;
- }
- ap = (char *) &((struct sockaddr_in *)sin)->sin_addr;
- alen = sizeof(struct in_addr);
- break;
- case AF_INET6:
- ap = (char *) &((struct sockaddr_in6 *)sin)->sin6_addr;
- alen = sizeof(struct in6_addr);
- break;
- defalut:
- strcpy(host->name, paranoid); /* name is bad, clobber it */
- return;
- }
-#ifdef USE_GETIPNODEBY
- hp = getipnodebyaddr(ap, alen, sin->sa_family, &h_error);
-#else
- hp = gethostbyaddr(ap, alen, sin->sa_family);
-#endif
- }
- if (hp) {
-#else
if (sin != 0 && sin->sin_addr.s_addr != 0
- && (hp = gethostbyaddr((char *) &(sin->sin_addr),
- sizeof(sin->sin_addr), AF_INET)) != 0) {
-#endif
-
- STRN_CPY(host->name, hp->h_name, sizeof(host->name));
-#if defined(INET6) && defined(USE_GETIPNODEBY)
- freehostent(hp);
-#endif
+ && (hp = gethostbyaddr((char *) &(sin->sin_addr),
+ sizeof(sin->sin_addr), AF_INET)) != 0) {
- /*
- * Verify that the address is a member of the address list returned
- * by gethostbyname(hostname).
- *
- * Verify also that gethostbyaddr() and gethostbyname() return the same
- * hostname, or rshd and rlogind may still end up being spoofed.
- *
- * On some sites, gethostbyname("localhost") returns "localhost.domain".
- * This is a DNS artefact. We treat it as a special case. When we
- * can't believe the address list from gethostbyname("localhost")
- * we're in big trouble anyway.
- */
+ STRN_CPY(host->name, hp->h_name, sizeof(host->name));
-#ifdef INET6
-#ifdef USE_GETIPNODEBY
- hp = getipnodebyname(host->name, sin->sa_family,
- AI_V4MAPPED | AI_ADDRCONFIG | AI_ALL, &h_error);
-#else
- if ((_res.options & RES_INIT) == 0) {
- if (res_init() < 0) {
- inet_ntop(sin->sa_family, ap, addr, sizeof(addr));
- tcpd_warn("can't verify hostname: res_init() for %s failed",
- addr);
- strcpy(host->name, paranoid); /* name is bad, clobber it */
- return;
- }
- }
- res_options = _res.options;
- if (sin->sa_family == AF_INET6)
- _res.options |= RES_USE_INET6;
- else
- _res.options &= ~RES_USE_INET6;
- hp = gethostbyname2(host->name,
- (sin->sa_family == AF_INET6 &&
- IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *)sin)->sin6_addr)) ?
- AF_INET : sin->sa_family);
- _res.options = res_options;
-#endif
- if (!hp) {
-#else
- if ((hp = gethostbyname(host->name)) == 0) {
-#endif
-
- /*
- * Unable to verify that the host name matches the address. This
- * may be a transient problem or a botched name server setup.
- */
+ /*
+ * Verify that the address is a member of the address list returned
+ * by gethostbyname(hostname).
+ *
+ * Verify also that gethostbyaddr() and gethostbyname() return the same
+ * hostname, or rshd and rlogind may still end up being spoofed.
+ *
+ * On some sites, gethostbyname("localhost") returns "localhost.domain".
+ * This is a DNS artefact. We treat it as a special case. When we
+ * can't believe the address list from gethostbyname("localhost")
+ * we're in big trouble anyway.
+ */
-#ifdef INET6
-#ifdef USE_GETIPNODEBY
- tcpd_warn("can't verify hostname: getipnodebyname(%s, %s) failed",
-#else
- tcpd_warn("can't verify hostname: gethostbyname2(%s, %s) failed",
-#endif
- host->name,
- (sin->sa_family == AF_INET) ? "AF_INET" : "AF_INET6");
-#else
- tcpd_warn("can't verify hostname: gethostbyname(%s) failed",
- host->name);
-#endif
+ if ((hp = gethostbyname(host->name)) == 0) {
- } else if (STR_NE(host->name, hp->h_name)
- && STR_NE(host->name, "localhost")) {
+ /*
+ * Unable to verify that the host name matches the address. This
+ * may be a transient problem or a botched name server setup.
+ */
+
+ tcpd_warn("can't verify hostname: gethostbyname(%s) failed",
+ host->name);
+
+ } else if (STR_NE(host->name, hp->h_name)
+ && STR_NE(host->name, "localhost")) {
+
+ /*
+ * The gethostbyaddr() and gethostbyname() calls did not return
+ * the same hostname. This could be a nameserver configuration
+ * problem. It could also be that someone is trying to spoof us.
+ */
- /*
- * The gethostbyaddr() and gethostbyname() calls did not return
- * the same hostname. This could be a nameserver configuration
- * problem. It could also be that someone is trying to spoof us.
- */
-
- tcpd_warn("host name/name mismatch: %s != %.*s",
- host->name, STRING_LENGTH, hp->h_name);
-
- } else {
-
- /*
- * The address should be a member of the address list returned by
- * gethostbyname(). We should first verify that the h_addrtype
- * field is AF_INET, but this program has already caused too much
- * grief on systems with broken library code.
- */
+ tcpd_warn("host name/name mismatch: %s != %.*s",
+ host->name, STRING_LENGTH, hp->h_name);
- for (i = 0; hp->h_addr_list[i]; i++) {
-#ifdef INET6
- if (memcmp(hp->h_addr_list[i], ap, alen) == 0) {
-#ifdef USE_GETIPNODEBY
- freehostent(hp);
-#endif
- return; /* name is good, keep it */
- }
-#else
- if (memcmp(hp->h_addr_list[i],
- (char *) &sin->sin_addr,
- sizeof(sin->sin_addr)) == 0)
- return; /* name is good, keep it */
-#endif
- }
+ } else {
- /*
- * The host name does not map to the initial address. Perhaps
- * someone has messed up. Perhaps someone compromised a name
- * server.
- */
+ /*
+ * The address should be a member of the address list returned by
+ * gethostbyname(). We should first verify that the h_addrtype
+ * field is AF_INET, but this program has already caused too much
+ * grief on systems with broken library code.
+ */
+
+ for (i = 0; hp->h_addr_list[i]; i++) {
+ if (memcmp(hp->h_addr_list[i],
+ (char *) &sin->sin_addr,
+ sizeof(sin->sin_addr)) == 0)
+ return; /* name is good, keep it */
+ }
+
+ /*
+ * The host name does not map to the initial address. Perhaps
+ * someone has messed up. Perhaps someone compromised a name
+ * server.
+ */
-#ifdef INET6
- inet_ntop(sin->sa_family, ap, addr, sizeof(addr));
- tcpd_warn("host name/address mismatch: %s != %.*s",
- addr, STRING_LENGTH, hp->h_name);
-#else
- tcpd_warn("host name/address mismatch: %s != %.*s",
- inet_ntoa(sin->sin_addr), STRING_LENGTH, hp->h_name);
-#endif
- }
- strcpy(host->name, paranoid); /* name is bad, clobber it */
-#if defined(INET6) && defined(USE_GETIPNODEBY)
- if (hp)
- freehostent(hp);
-#endif
+ tcpd_warn("host name/address mismatch: %s != %.*s",
+ inet_ntoa(sin->sin_addr), STRING_LENGTH, hp->h_name);
+ }
+ strcpy(host->name, paranoid); /* name is bad, clobber it */
}
}
+#endif /* INET6 */
/* sock_sink - absorb unreceived IP datagram */
diff -upNr tcp_wrappers_7.6/ip6utils.c tcp_wrappers_7.6.mludvig/ip6utils.c
--- tcp_wrappers_7.6/ip6utils.c 1970-01-01 01:00:00.000000000 +0100
+++ tcp_wrappers_7.6.mludvig/ip6utils.c 2002-11-29 14:31:52.000000000 +0100
@@ -0,0 +1,152 @@
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <arpa/inet.h>
+#include <stdio.h>
+#include <errno.h>
+
+#include "ip6utils.h"
+
+/* inet_pton_mapped()
+ - works like inet_pton(3) but always returns IPv6 address
+ in dst - either "real" or v4mapped (::ffff:1.2.3.4) in
+ the case, when src points to IPv4 address (eg. to 1.2.3.4). */
+int
+inet_pton_mapped (int af, const char *src, void *dst)
+{
+ int ret;
+
+ /* Mapped address is v6. */
+ if (af != AF_INET6)
+ {
+ errno = EAFNOSUPPORT;
+ return -1;
+ }
+
+ /* We must put the result somewhere. */
+ if (!dst)
+ {
+ errno = EFAULT;
+ return -1;
+ }
+
+ /* First try whether the address IPv6. */
+ ret = inet_pton (AF_INET6, src, dst);
+ if (ret > 0)
+ return ret;
+
+ /* Because we're here, it apparently wasn't IPv6. Try IPv4 now. */
+ ret = inet_pton (AF_INET, src, &((struct in6_addr *)dst)->s6_addr32[3]);
+ if (ret > 0)
+ {
+ /* Good, it was IPv4, map it now. */
+ ((struct in6_addr *)dst)->s6_addr32[0] = 0;
+ ((struct in6_addr *)dst)->s6_addr32[1] = 0;
+ ((struct in6_addr *)dst)->s6_addr32[2] = htonl(0x0000ffffL);
+ }
+ return ret;
+}
+
+/* inet_ntop2()
+ - works like inet_ntop(3) but doesn't need an external
+ buffer. Usefull eg. for printing addresses via printf(). */
+const char *
+inet_ntop2 (int af, const void *src)
+{
+ static char address[INET6_ADDRSTRLEN];
+
+ return inet_ntop(af, src, address, sizeof(address));
+}
+
+/* sa_map_v4_to_v6()
+ - Take an IPv4 address in first argument and map it to
+ IPv4-mapped (::ffff:1.2.3.4) IPv6 address. */
+struct sockaddr_in6 *
+sa_map_v4_to_v6 (struct sockaddr_in *sin, struct sockaddr_in6 *sin6)
+{
+ /* Both pointers must be not-NULL or we'll segfault. */
+ if (!sin || !sin6)
+ {
+ errno = EFAULT;
+ return NULL;
+ }
+
+ /* We can map only IPv4 addresses. */
+ if (sin->sin_family != AF_INET)
+ return NULL;
+
+ /* Map it now... */
+ memset(sin6, 0, sizeof(*sin6));
+
+ sin6->sin6_family = AF_INET6;
+ sin6->sin6_port = sin->sin_port;
+ sin6->sin6_addr.s6_addr16[5] = 0xffff;
+ sin6->sin6_addr.s6_addr32[3] = sin->sin_addr.s_addr;
+
+ return sin6;
+}
+
+/* is_v4_string(), is_v6_string()
+ - Return 1 when src is a string representing a valid
+ IPv4, resp. IPv6 address. Return 0 otherwise. */
+int
+is_v4_string (const char *src)
+{
+ struct in_addr result;
+
+ return (inet_pton (AF_INET, src, &result) > 0);
+}
+
+int
+is_v6_string (const char *src)
+{
+ struct in6_addr result;
+
+ return (inet_pton (AF_INET6, src, &result) > 0);
+}
+
+/* apply_v6_prefix()
+ - mask the address given in 'src' with 'prefixlen' netmask. Clear
+ all bits not covered by prefixlen. */
+int
+apply_v6_prefix (struct in6_addr *src, int prefixlen)
+{
+ int i;
+
+ /* Check prefix for a valid length. */
+ if (prefixlen < 0 || prefixlen > 128)
+ return -1;
+
+ /* Prefixes will quite often end up on 16b boundary,
+ so we'll walk thorugh 16b blocks and possibly avoid
+ creating bitmasks. */
+ for (i=0; i<8; i++)
+ {
+ /* Prefix fully covers this block -> leave as is. */
+ if (prefixlen >= (i+1)*16)
+ continue;
+ /* Prefix doesn't cover this block -> zero it. */
+ if (prefixlen <= i*16)
+ {
+ src->s6_addr16[i] = 0;
+ continue;
+ }
+ /* Prefix ends somewhere inside in this block. Let's
+ build and apply a bitmask for this block. */
+ {
+ uint16_t mask=0;
+ int bits;
+
+ bits = prefixlen - i*16;
+
+ while (bits)
+ {
+ mask |= (1 << (16-bits));
+ bits --;
+ }
+
+ src->s6_addr16[i] &= htons(mask);
+ }
+ }
+
+ return 0;
+}
diff -upNr tcp_wrappers_7.6/ip6utils.h tcp_wrappers_7.6.mludvig/ip6utils.h
--- tcp_wrappers_7.6/ip6utils.h 1970-01-01 01:00:00.000000000 +0100
+++ tcp_wrappers_7.6.mludvig/ip6utils.h 2002-11-29 12:53:06.000000000 +0100
@@ -0,0 +1,33 @@
+#ifndef IP6UTILS_H
+#define IP6UTILS_H
+
+/* inet_pton_mapped()
+ - works like inet_pton(3) but always returns IPv6 address
+ in dst - either "real" or v4mapped (::ffff:1.2.3.4) in
+ the case, when src points to IPv4 address (eg. to 1.2.3.4).
+ Return value is as with inet_pton(), dst remains untouched on
+ an address translation failure. */
+int inet_pton_mapped (int af, const char *src, void *dst);
+
+/* inet_ntop2()
+ - works like inet_ntop(3) but doesn't need an external
+ buffer. Usefull eg. for printing addresses via printf(). */
+const char *inet_ntop2 (int af, const void *src);
+
+/* sa_map_v4_to_v6()
+ - Take an IPv4 address in form 1.2.3.4 and map it to
+ IPv4-mapped form ::ffff:1.2.3.4 */
+struct sockaddr_in6 *sa_map_v4_to_v6 (struct sockaddr_in *sin, struct sockaddr_in6 *sin6);
+
+/* is_v4_string(), is_v6_string()
+ - Return 1 when src is a string representing a valid
+ IPv4, resp. IPv6 address. Return 0 otherwise. */
+int is_v4_string (const char *src);
+int is_v6_string (const char *src);
+
+/* apply_v6_prefix()
+ - mask the address given in 'src' with 'prefixlen' netmask. Clear
+ all bits not covered by prefixlen. Return -1 on a failure, else 0. */
+int apply_v6_prefix (struct in6_addr *src, int prefixlen);
+
+#endif /* IP6UTILS_H */
diff -upNr tcp_wrappers_7.6/tcpd.h tcp_wrappers_7.6.mludvig/tcpd.h
--- tcp_wrappers_7.6/tcpd.h 2002-11-29 16:09:02.000000000 +0100
+++ tcp_wrappers_7.6.mludvig/tcpd.h 2002-11-29 12:54:16.000000000 +0100
@@ -10,6 +10,8 @@
#include <sys/socket.h>
#endif
+#include "ip6utils.h"
+
/* Structure to describe one communications endpoint. */
#define STRING_LENGTH 128 /* hosts, users, processes */
diff -upNr tcp_wrappers_7.6/Makefile tcp_wrappers_7.6.mludvig/Makefile
--- tcp_wrappers_7.6/Makefile 2002-11-29 16:09:02.000000000 +0100
+++ tcp_wrappers_7.6.mludvig/Makefile 2002-11-29 12:54:04.000000000 +0100
@@ -1,5 +1,7 @@
# @(#) Makefile 1.23 97/03/21 19:27:20
+really-all: linux
+
what:
@echo
@echo "Usage: edit the REAL_DAEMON_DIR definition in the Makefile then:"
@@ -670,7 +672,7 @@ CFLAGS = -O2 -pipe -DFACILITY=$(FACILITY
LIB_OBJ= hosts_access.o options.o shell_cmd.o rfc931.o eval.o \
hosts_ctl.o refuse.o percent_x.o clean_exit.o $(AUX_OBJ) \
$(FROM_OBJ) fix_options.o socket.o tli.o workarounds.o \
- update.o misc.o diag.o percent_m.o myvsyslog.o
+ update.o misc.o diag.o percent_m.o myvsyslog.o ip6utils.o
FROM_OBJ= fromhost.o
@@ -683,6 +685,7 @@ KIT = README miscd.c tcpd.c fromhost.c h
tli-sequent.h misc.c diag.c ncr.c tcpdchk.c percent_m.c \
myvsyslog.c mystdarg.h printf.ck README.IRIX Banners.Makefile \
refuse.c tcpdchk.8 setenv.c inetcf.c inetcf.h scaffold.c \
+ ip6utils.c ip6utils.h \
scaffold.h tcpdmatch.8 README.NIS
LIB = libwrap.a
@@ -812,6 +815,7 @@ printfck:
# Internal compilation dependencies.
+tcpd.h: ip6utils.h
clean_exit.o: cflags
clean_exit.o: tcpd.h
diag.o: cflags

30
tcp_wrappers_7.6-ipv6.fix.fix.diff Normal file
View File

@ -0,0 +1,30 @@
--- hosts_access.c 2003/03/15 15:12:36 1.1
+++ hosts_access.c 2003/03/15 15:47:18
@@ -354,7 +354,26 @@
/* If prefix was given, handle it */
if ((mask = split_at(token, '/')) != 0)
{
- if (sscanf(mask, "%d", &prefixlen) != 1 || prefixlen < 0)
+ if (strchr(mask, '.') != NULL) /* We have something
+ like 255.255.0.0 */
+ {
+ int b1, b2, b3, b4;
+ uint32_t netmask;
+
+ if (sscanf(mask, "%d.%d.%d.%d", &b1, &b2, &b3, &b4) != 4)
+ {
+ tcpd_warn ("Wrong netmask in %s", tok);
+ return (NO);
+ }
+ netmask = (((((b1 * 256) + b2) * 256) + b3) * 256) + b4;
+ prefixlen = 0;
+ while (netmask > 0)
+ {
+ ++prefixlen;
+ netmask <<= 1;
+ }
+ }
+ else if (sscanf(mask, "%d", &prefixlen) != 1 || prefixlen < 0)
{
tcpd_warn ("Wrong prefix length in %s", tok);
return (NO);

47
tcp_wrappers_7.6-ipv6.fix.fix2.diff Normal file
View File

@ -0,0 +1,47 @@
--- hosts_access.c
+++ hosts_access.c
@@ -328,8 +328,6 @@
return (YES);
} else if (STR_EQ(tok, "KNOWN")) { /* not unknown */
return (STR_NE(string, unknown));
- } else if (tok[(n = strlen(tok)) - 1] == '.') { /* prefix */
- return (STRN_EQ(tok, string, n));
} else if (STR_EQ(tok, string)) /* exact match */
return (YES);
#ifdef INET6
@@ -337,11 +335,31 @@
{
/* For simplicity we convert everything to IPv6 (or v4 mapped) */
struct in6_addr pat, addr;
- int len, ret, prefixlen=128;
- char ch, token[INET6_ADDRSTRLEN+1], *mask;
-
+ int len, ret, prefixlen=128, nof_periods = 0;
+ char ch, token[INET6_ADDRSTRLEN+1], *mask, *ptok = tok, *addition;
len = strlen(tok);
- if (*tok == '[' && tok[len - 1] == ']')
+ if (tok[(n = strlen(tok)) - 1] == '.') { /* prefix */
+ while ((ptok = strchr(ptok, '.')) != NULL){
+ nof_periods++;
+ ptok++;
+ }
+ switch(nof_periods){
+ case 1:
+ addition = "0.0.0/8";
+ break;
+ case 2:
+ addition = "0.0/16";
+ break;
+ case 3:
+ addition = "0/24";
+ break;
+ default:
+ tcpd_warn ("Wrong prefix %s", tok);
+ return (NO);
+ }
+ snprintf(token, sizeof(token), "%s%s", tok, addition);
+ }
+ else if (*tok == '[' && tok[len - 1] == ']')
{
ch = tok[len - 1];
tok[len - 1] = '\0';

11
tcp_wrappers_7.6-multi_local_interfaces-fix.diff Normal file
View File

@ -0,0 +1,11 @@
--- socket.c
+++ socket.c
@@ -282,7 +282,7 @@
return;
}
- if (STR_NE (host->name, res->ai_canonname) && STR_NE(host->name, "localhost"))
+ if ((!res->ai_canonname || STR_NE (host->name, res->ai_canonname)) && STR_NE(host->name, "localhost"))
{
/* We don't treat this as an error, though... */
tcpd_warn("host name mismatch: %s != %s (%s)",

67
tcp_wrappers_7.6-nonvoid.diff Normal file
View File

@ -0,0 +1,67 @@
--- fakelog.c
+++ fakelog.c
@@ -16,7 +16,7 @@
/* openlog - dummy */
/* ARGSUSED */
-
+void
openlog(name, logopt, facility)
char *name;
int logopt;
@@ -26,7 +26,7 @@
}
/* vsyslog - format one record */
-
+void
vsyslog(severity, fmt, ap)
int severity;
char *fmt;
@@ -42,7 +42,7 @@
/* syslog - format one record */
/* VARARGS */
-
+void
VARARGS(syslog, int, severity)
{
va_list ap;
@@ -55,7 +55,7 @@
}
/* closelog - dummy */
-
+void
closelog()
{
/* void */
--- fix_options.c
+++ fix_options.c
@@ -31,7 +31,7 @@
#define BUFFER_SIZE 512 /* Was: BUFSIZ */
/* fix_options - get rid of IP-level socket options */
-
+void
fix_options(request)
struct request_info *request;
{
--- options.c
+++ options.c
@@ -541,6 +541,7 @@
return (t->value);
tcpd_jump("bad syslog facility or severity: \"%s\"", name);
/* NOTREACHED */
+ return 0;
}
/* severity_option - change logging severity for this event (Dave Mitchell) */
--- tcpd.c
+++ tcpd.c
@@ -131,4 +131,5 @@
syslog(LOG_ERR, "error: cannot execute %s: %m", path);
clean_exit(&request);
/* NOTREACHED */
+ return 0;
}

36
tcp_wrappers_7.6-optflags.diff Normal file
View File

@ -0,0 +1,36 @@
--- Makefile
+++ Makefile
@@ -673,7 +673,7 @@
shared/%.o: %.c
$(CC) $(CFLAGS) $(SHCFLAGS) -c $< -o $@
-CFLAGS = -O2 -pipe -DFACILITY=$(FACILITY) $(ACCESS) $(PARANOID) $(NETGROUP) \
+CFLAGS = $(RPM_OPT_FLAGS) -DFACILITY=$(FACILITY) $(ACCESS) $(PARANOID) $(NETGROUP) \
$(BUGS) $(SYSTYPE) $(AUTH) $(UMASK) \
-DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" $(STYLE) $(KILL_OPT) \
-DSEVERITY=$(SEVERITY) -DRFC931_TIMEOUT=$(RFC931_TIMEOUT) \
@@ -730,13 +730,13 @@
ln -s $(notdir $(SHLIBSOMAJ)) $(SHLIBSO)
tcpd: tcpd.o $(SHLIB)
- $(CC) $(CFLAGS) -o $@ tcpd.o $(SHLIBFLAGS)
+ $(CC) $(CFLAGS) -pie -o $@ tcpd.o $(SHLIBFLAGS)
miscd: miscd.o $(SHLIB)
$(CC) $(CFLAGS) -o $@ miscd.o $(SHLIBFLAGS)
safe_finger: safe_finger.o $(SHLIB)
- $(CC) $(CFLAGS) -o $@ safe_finger.o $(SHLIBFLAGS)
+ $(CC) $(CFLAGS) -pie -o $@ safe_finger.o $(SHLIBFLAGS)
TCPDMATCH_OBJ = tcpdmatch.o fakelog.o inetcf.o scaffold.o
@@ -744,7 +744,7 @@
$(CC) $(CFLAGS) -o $@ $(TCPDMATCH_OBJ) $(SHLIBFLAGS)
try-from: try-from.o fakelog.o $(SHLIB)
- $(CC) $(CFLAGS) -o $@ try-from.o fakelog.o $(SHLIBFLAGS)
+ $(CC) $(CFLAGS) -pie -o $@ try-from.o fakelog.o $(SHLIBFLAGS)
TCPDCHK_OBJ = tcpdchk.o fakelog.o inetcf.o scaffold.o

91
tcp_wrappers_7.6-prototypes.diff Normal file
View File

@ -0,0 +1,91 @@
--- tcp_wrappers_7.6/inetcf.c.xx 2005-09-16 22:00:05.000000000 +0200
+++ tcp_wrappers_7.6/inetcf.c 2005-09-16 22:13:38.000000000 +0200
@@ -88,7 +88,7 @@
} else {
for (i = 0; inet_files[i] && (fp = fopen(inet_files[i], "r")) == 0; i++)
/* void */ ;
- if (fp == 0) {
+ if (!fp) {
fprintf(stderr, "Cannot find your inetd.conf or tlid.conf file.\n");
fprintf(stderr, "Please specify its location.\n");
exit(1);
--- tcp_wrappers_7.6/ip6utils.c.xx 2005-09-16 22:00:35.000000000 +0200
+++ tcp_wrappers_7.6/ip6utils.c 2005-09-16 22:13:38.000000000 +0200
@@ -2,6 +2,7 @@
#include <sys/socket.h>
#include <arpa/inet.h>
#include <stdio.h>
+#include <string.h>
#include <errno.h>
#include "ip6utils.h"
--- tcp_wrappers_7.6/options.c.xx 2005-09-16 22:05:35.000000000 +0200
+++ tcp_wrappers_7.6/options.c 2005-09-16 22:13:38.000000000 +0200
@@ -41,6 +41,8 @@
#include <netinet/in.h>
#include <netdb.h>
#include <stdio.h>
+#include <unistd.h>
+#include <stdlib.h>
#include <syslog.h>
#include <pwd.h>
#include <grp.h>
--- tcp_wrappers_7.6/clean_exit.c.xx 2005-09-16 22:09:34.000000000 +0200
+++ tcp_wrappers_7.6/clean_exit.c 2005-09-16 22:13:38.000000000 +0200
@@ -13,6 +13,8 @@
#endif
#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
extern void exit();
--- tcp_wrappers_7.6/shell_cmd.c.xx 2005-09-16 22:06:55.000000000 +0200
+++ tcp_wrappers_7.6/shell_cmd.c 2005-09-16 22:13:38.000000000 +0200
@@ -15,9 +15,13 @@
/* System libraries. */
#include <sys/types.h>
+#include <sys/wait.h>
#include <sys/param.h>
#include <signal.h>
#include <stdio.h>
+#include <stdlib.h>
+#include <fcntl.h>
+#include <unistd.h>
#include <syslog.h>
#include <string.h>
--- tcp_wrappers_7.6/percent_x.c.xx 2005-09-16 22:09:19.000000000 +0200
+++ tcp_wrappers_7.6/percent_x.c 2005-09-16 22:13:38.000000000 +0200
@@ -18,6 +18,8 @@
#include <stdio.h>
#include <syslog.h>
+#include <stdlib.h>
+#include <unistd.h>
#include <string.h>
extern void exit();
--- tcp_wrappers_7.6/update.c.xx 2005-09-16 22:10:09.000000000 +0200
+++ tcp_wrappers_7.6/update.c 2005-09-16 22:13:38.000000000 +0200
@@ -21,6 +21,7 @@
#include <stdio.h>
#include <syslog.h>
+#include <unistd.h>
#include <string.h>
/* Local stuff. */
--- tcp_wrappers_7.6/hosts_access.c.xx 2005-09-16 22:12:08.000000000 +0200
+++ tcp_wrappers_7.6/hosts_access.c 2005-09-16 22:13:38.000000000 +0200
@@ -31,6 +31,8 @@
#include <netinet/in.h>
#include <arpa/inet.h>
#include <stdio.h>
+#include <unistd.h>
+#include <netdb.h>
#include <syslog.h>
#include <ctype.h>
#include <errno.h>

163
tcp_wrappers_7.6-shared-lib.diff Normal file
View File

@ -0,0 +1,163 @@
--- Makefile
+++ Makefile
@@ -145,9 +145,9 @@
linux:
@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
- LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ= \
+ LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=weak_symbols.o \
NETGROUP=-DNETGROUP TLI= \
- EXTRA_CFLAGS="-fPIC -DSYS_ERRLIST_DEFINED -DINET6=1 -Dss_family=__ss_family" all
+ EXTRA_CFLAGS="-fPIC -DSYS_ERRLIST_DEFINED -DINET6=1 -Dss_family=__ss_family -DHAVE_WEAKSYMS -D_REENTRANT" all
# This is good for many SYSV+BSD hybrids with NIS, probably also for HP-UX 7.x.
hpux hpux8 hpux9 hpux10:
@@ -660,7 +660,18 @@
# Protection against weird shells or weird make programs.
SHELL = /bin/sh
-.c.o:; $(CC) $(CFLAGS) -c $*.c
+.c.o:; $(CC) $(CFLAGS) -o $*.o -c $*.c
+
+SOMAJOR = 0
+SOMINOR = 7.6
+LIB = libwrap.a
+SHLIB = shared/libwrap.so.$(SOMAJOR).$(SOMINOR)
+SHLIBSOMAJ = shared/libwrap.so.$(SOMAJOR)
+SHLIBSO = shared/libwrap.so
+SHLIBFLAGS = -Lshared -lwrap
+
+shared/%.o: %.c
+ $(CC) $(CFLAGS) $(SHCFLAGS) -c $< -o $@
CFLAGS = -O2 -pipe -DFACILITY=$(FACILITY) $(ACCESS) $(PARANOID) $(NETGROUP) \
$(BUGS) $(SYSTYPE) $(AUTH) $(UMASK) \
@@ -669,11 +680,16 @@
$(UCHAR) $(TABLES) $(STRINGS) $(TLI) $(EXTRA_CFLAGS) $(DOT) \
$(VSYSLOG)
+SHLINKFLAGS = -shared -Xlinker -soname -Xlinker libwrap.so.$(SOMAJOR) -lc $(LIBS)
+SHCFLAGS = -fPIC -shared -D_REENTRANT
+
LIB_OBJ= hosts_access.o options.o shell_cmd.o rfc931.o eval.o \
hosts_ctl.o refuse.o percent_x.o clean_exit.o $(AUX_OBJ) \
$(FROM_OBJ) fix_options.o socket.o tli.o workarounds.o \
update.o misc.o diag.o percent_m.o myvsyslog.o ip6utils.o
+SHLIB_OBJ= $(addprefix shared/, $(LIB_OBJ));
+
FROM_OBJ= fromhost.o
KIT = README miscd.c tcpd.c fromhost.c hosts_access.c shell_cmd.c \
@@ -688,9 +704,8 @@
ip6utils.c ip6utils.h \
scaffold.h tcpdmatch.8 README.NIS
-LIB = libwrap.a
+all other: config-check tcpd tcpdmatch try-from safe_finger tcpdchk $(LIB)
-all other: config-check tcpd tcpdmatch try-from safe_finger tcpdchk
# Invalidate all object files when the compiler options (CFLAGS) have changed.
@@ -701,33 +716,40 @@
then rm /tmp/cflags.$$$$ ; \
else mv /tmp/cflags.$$$$ cflags ; \
fi >/dev/null 2>/dev/null
+ @if [ ! -d shared ]; then mkdir shared; fi
$(LIB): $(LIB_OBJ)
rm -f $(LIB)
$(AR) $(ARFLAGS) $(LIB) $(LIB_OBJ)
-$(RANLIB) $(LIB)
-tcpd: tcpd.o $(LIB)
- $(CC) $(CFLAGS) -o $@ tcpd.o $(LIB) $(LIBS)
+$(SHLIB): $(SHLIB_OBJ)
+ rm -f $(SHLIB)
+ $(CC) -o $(SHLIB) $(SHLINKFLAGS) $(SHLIB_OBJ)
+ ln -s $(notdir $(SHLIB)) $(SHLIBSOMAJ)
+ ln -s $(notdir $(SHLIBSOMAJ)) $(SHLIBSO)
+
+tcpd: tcpd.o $(SHLIB)
+ $(CC) $(CFLAGS) -o $@ tcpd.o $(SHLIBFLAGS)
-miscd: miscd.o $(LIB)
- $(CC) $(CFLAGS) -o $@ miscd.o $(LIB) $(LIBS)
+miscd: miscd.o $(SHLIB)
+ $(CC) $(CFLAGS) -o $@ miscd.o $(SHLIBFLAGS)
-safe_finger: safe_finger.o $(LIB)
- $(CC) $(CFLAGS) -o $@ safe_finger.o $(LIB) $(LIBS)
+safe_finger: safe_finger.o $(SHLIB)
+ $(CC) $(CFLAGS) -o $@ safe_finger.o $(SHLIBFLAGS)
TCPDMATCH_OBJ = tcpdmatch.o fakelog.o inetcf.o scaffold.o
-tcpdmatch: $(TCPDMATCH_OBJ) $(LIB)
- $(CC) $(CFLAGS) -o $@ $(TCPDMATCH_OBJ) $(LIB) $(LIBS)
+tcpdmatch: $(TCPDMATCH_OBJ) $(SHLIB)
+ $(CC) $(CFLAGS) -o $@ $(TCPDMATCH_OBJ) $(SHLIBFLAGS)
-try-from: try-from.o fakelog.o $(LIB)
- $(CC) $(CFLAGS) -o $@ try-from.o fakelog.o $(LIB) $(LIBS)
+try-from: try-from.o fakelog.o $(SHLIB)
+ $(CC) $(CFLAGS) -o $@ try-from.o fakelog.o $(SHLIBFLAGS)
TCPDCHK_OBJ = tcpdchk.o fakelog.o inetcf.o scaffold.o
-tcpdchk: $(TCPDCHK_OBJ) $(LIB)
- $(CC) $(CFLAGS) -o $@ $(TCPDCHK_OBJ) $(LIB) $(LIBS)
+tcpdchk: $(TCPDCHK_OBJ) $(SHLIB)
+ $(CC) $(CFLAGS) -o $@ $(TCPDCHK_OBJ) $(SHLIBFLAGS)
shar: $(KIT)
@shar $(KIT)
@@ -743,7 +765,8 @@
clean:
rm -f tcpd miscd safe_finger tcpdmatch tcpdchk try-from *.[oa] core \
- cflags
+ cflags libwrap*.so*
+ rm -rf shared
tidy: clean
chmod -R a+r .
@@ -890,5 +913,6 @@
update.o: mystdarg.h
update.o: tcpd.h
vfprintf.o: cflags
+weak_symbols.o: tcpd.h
workarounds.o: cflags
workarounds.o: tcpd.h
--- tcpd.h
+++ tcpd.h
@@ -106,8 +106,14 @@
/* Global variables. */
+#ifdef HAVE_WEAKSYMS
+extern int allow_severity __attribute__ ((weak)); /* for connection logging */
+extern int deny_severity __attribute__ ((weak)); /* for connection logging */
+#else
extern int allow_severity; /* for connection logging */
extern int deny_severity; /* for connection logging */
+#endif
+
extern char *hosts_allow_table; /* for verification mode redirection */
extern char *hosts_deny_table; /* for verification mode redirection */
extern int hosts_access_verbose; /* for verbose matching mode */
--- weak_symbols.c
+++ weak_symbols.c
@@ -0,0 +1,11 @@
+/*
+ * @(#) weak_symbols.h 1.5 99/12/29 23:50
+ *
+ * Author: Anthony Towns <ajt@debian.org>
+ */
+
+#ifdef HAVE_WEAKSYMS
+#include <syslog.h>
+int deny_severity = LOG_WARNING;
+int allow_severity = SEVERITY;
+#endif

11
tcp_wrappers_7.6-uninitialized.diff Normal file
View File

@ -0,0 +1,11 @@
--- inetcf.c
+++ inetcf.c
@@ -61,7 +61,7 @@
char *conf;
{
char buf[BUFSIZ];
- FILE *fp;
+ FILE *fp = NULL;
char *service;
char *protocol;
char *user;

366
tcp_wrappers_7.6.dif Normal file
View File

@ -0,0 +1,366 @@
--- Makefile
+++ Makefile
@@ -44,7 +44,7 @@
#REAL_DAEMON_DIR=/usr/etc
#
# SysV.4 Solaris 2.x OSF AIX
-#REAL_DAEMON_DIR=/usr/sbin
+REAL_DAEMON_DIR=/usr/sbin
#
# BSD 4.4
#REAL_DAEMON_DIR=/usr/libexec
@@ -143,8 +143,9 @@
linux:
@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
- LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o \
- NETGROUP= TLI= EXTRA_CFLAGS="-DBROKEN_SO_LINGER" all
+ LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ= \
+ NETGROUP=-DNETGROUP TLI= \
+ EXTRA_CFLAGS="-fPIC -DSYS_ERRLIST_DEFINED -DINET6=1 -Dss_family=__ss_family" all
# This is good for many SYSV+BSD hybrids with NIS, probably also for HP-UX 7.x.
hpux hpux8 hpux9 hpux10:
@@ -229,7 +230,7 @@
# Amdahl UTS 2.1.5 (Richard.Richmond@bridge.bst.bls.com)
uts215:
- @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
+ @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
LIBS="-lsocket" RANLIB=echo \
ARFLAGS=rv AUX_OBJ=setenv.o NETGROUP=-DNO_NETGROUP TLI= all
@@ -472,7 +473,7 @@
# If your system supports vsyslog(), comment out the following definition.
# If in doubt leave it in, it won't harm.
-VSYSLOG = -Dvsyslog=myvsyslog
+#VSYSLOG = -Dvsyslog=myvsyslog
# End of the system dependencies.
#################################
@@ -491,7 +492,7 @@
# Uncomment the next definition to turn on the language extensions
# (examples: allow, deny, banners, twist and spawn).
#
-#STYLE = -DPROCESS_OPTIONS # Enable language extensions.
+STYLE = -DPROCESS_OPTIONS # Enable language extensions.
################################################################
# Optional: Changing the default disposition of logfile records
@@ -514,7 +515,7 @@
#
# The LOG_XXX names below are taken from the /usr/include/syslog.h file.
-FACILITY= LOG_MAIL # LOG_MAIL is what most sendmail daemons use
+FACILITY= LOG_AUTHPRIV # LOG_MAIL is what most sendmail daemons use
# The syslog priority at which successful connections are logged.
@@ -531,7 +532,7 @@
# and with Solaris < 2.4. APPEND_DOT will not work with hostnames taken
# from /etc/hosts or from NIS maps. It does work with DNS through NIS.
#
-# DOT= -DAPPEND_DOT
+DOT= -DAPPEND_DOT
##################################################
# Optional: Always attempt remote username lookups
@@ -610,7 +611,7 @@
# Paranoid mode implies hostname lookup. In order to disable hostname
# lookups altogether, see the next section.
-PARANOID= -DPARANOID
+#PARANOID= -DPARANOID
########################################
# Optional: turning off hostname lookups
@@ -649,7 +650,7 @@
# source-routed traffic in the kernel. Examples: 4.4BSD derivatives,
# Solaris 2.x, and Linux. See your system documentation for details.
#
-# KILL_OPT= -DKILL_IP_OPTIONS
+#KILL_OPT= -DKILL_IP_OPTIONS
## End configuration options
############################
@@ -659,12 +660,12 @@
SHELL = /bin/sh
.c.o:; $(CC) $(CFLAGS) -c $*.c
-CFLAGS = -O -DFACILITY=$(FACILITY) $(ACCESS) $(PARANOID) $(NETGROUP) \
+CFLAGS = -O2 -pipe -DFACILITY=$(FACILITY) $(ACCESS) $(PARANOID) $(NETGROUP) \
$(BUGS) $(SYSTYPE) $(AUTH) $(UMASK) \
-DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" $(STYLE) $(KILL_OPT) \
-DSEVERITY=$(SEVERITY) -DRFC931_TIMEOUT=$(RFC931_TIMEOUT) \
$(UCHAR) $(TABLES) $(STRINGS) $(TLI) $(EXTRA_CFLAGS) $(DOT) \
- $(VSYSLOG) $(HOSTNAME)
+ $(VSYSLOG)
LIB_OBJ= hosts_access.o options.o shell_cmd.o rfc931.o eval.o \
hosts_ctl.o refuse.o percent_x.o clean_exit.o $(AUX_OBJ) \
--- README.ipv6
+++ README.ipv6
@@ -0,0 +1,17 @@
+;; IPv6 patch for tcp_wrappers_7.6 1.6
+;; Aug 23, 1999 by Hajimu UMEMOTO <ume@mahoroba.org>
+;;
+;; This patch supports IPv4/IPv6 dual stack and IPv4-mapped IPv6 address.
+;; You can replace stock tcpd or libwrap.a with this.
+;; IPv6 address pattern is as a `[net]/prefixlen' pair.
+;; This patch was tested on KAME/FreeBSD, KAME/FreeBSD3, KAME/NetBSD,
+;; RedHat 5.1 with kernel 2.1.126, and RedHat 6.0 with kernel 2.2.10.
+;;
+;; CAUTION:
+;; Back out change for field separater. Now, field separater is `:'
+;; not `|'. To specify IPv6 address, enclose IPv6 address with `['
+;; and `]'.
+;;
+;; For Linux users:
+;; If your libc doesn't have sockaddr_storage, try target `linux-old'.
+
--- hosts_access.c
+++ hosts_access.c
@@ -36,6 +36,7 @@
#include <errno.h>
#include <setjmp.h>
#include <string.h>
+#include <rpcsvc/ypclnt.h>
extern char *fgets();
extern int errno;
@@ -95,6 +96,33 @@
#define BUFLEN 2048
/* hosts_access - host access control facility */
+
+int
+yp_get_default_domain (char **outdomain)
+{
+ static char __ypdomainname[1025] = "\0";
+ int result = YPERR_SUCCESS;;
+ *outdomain = NULL;
+
+ if (__ypdomainname[0] == '\0')
+ {
+ if (getdomainname (__ypdomainname, 1024))
+ result = YPERR_NODOM;
+ else if (strcmp (__ypdomainname, "(none)") == 0)
+ {
+ /* If domainname is not set, some Systems will return "(none)" */
+ __ypdomainname[0] = '\0';
+ result = YPERR_NODOM;
+ }
+ else
+ *outdomain = __ypdomainname;
+ }
+ else
+ *outdomain = __ypdomainname;
+
+ return result;
+}
+
int hosts_access(request)
struct request_info *request;
--- safe_finger.c
+++ safe_finger.c
@@ -31,7 +31,7 @@
/* Local stuff */
-char path[] = "PATH=/bin:/usr/bin:/usr/ucb:/usr/bsd:/etc:/usr/etc:/usr/sbin";
+char path[] = "PATH=/bin:/usr/bin:/usr/sbin";
#define TIME_LIMIT 60 /* Do not keep listinging forever */
#define INPUT_LENGTH 100000 /* Do not keep listinging forever */
--- scaffold.c
+++ scaffold.c
@@ -334,10 +334,11 @@
/* ARGSUSED */
-void rfc931(request)
-struct request_info *request;
+void rfc931(request, dummy1, dummy2)
+struct sockaddr *request, *dummy1;
+char *dummy2;
{
- strcpy(request->user, unknown);
+ strcpy(((struct request_info *)request)->user, unknown);
}
/* check_path - examine accessibility */
--- tcpd.h
+++ tcpd.h
@@ -4,6 +4,12 @@
* Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
*/
+#ifdef __STDC__
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#endif
+
/* Structure to describe one communications endpoint. */
#define STRING_LENGTH 128 /* hosts, users, processes */
@@ -65,11 +71,26 @@
/* Global functions. */
#if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT)
+#ifdef __STDC__
+extern void fromhost(struct request_info *);
+#else
extern void fromhost(); /* get/validate client host info */
+#endif
#else
#define fromhost sock_host /* no TLI support needed */
#endif
+#ifdef __STDC__
+extern int hosts_access(struct request_info *);
+extern void shell_cmd(char *);
+extern char *percent_x(char *, int, char *, struct request_info *);
+extern void rfc931(struct sockaddr *, struct sockaddr *, char *);
+extern void clean_exit(struct request_info *);
+extern void refuse(struct request_info *);
+extern char *xgets(char *, int, FILE *);
+extern char *split_at(char *, int);
+extern unsigned long dot_quad_addr(char *);
+#else
extern int hosts_access(); /* access control */
extern void shell_cmd(); /* execute shell command */
extern char *percent_x(); /* do %<char> expansion */
@@ -79,6 +100,7 @@
extern char *xgets(); /* fgets() on steroids */
extern char *split_at(); /* strchr() and split */
extern unsigned long dot_quad_addr(); /* restricted inet_addr() */
+#endif
/* Global variables. */
@@ -121,28 +143,47 @@
* host_info structures serve as caches for the lookup results.
*/
+#ifdef __STDC__
+extern char *eval_user(struct request_info *);
+extern char *eval_hostname(struct host_info *);
+extern char *eval_hostaddr(struct host_info *);
+extern char *eval_hostinfo(struct host_info *);
+extern char *eval_client(struct request_info *);
+extern char *eval_server(struct request_info *);
+#else
extern char *eval_user(); /* client user */
extern char *eval_hostname(); /* printable hostname */
extern char *eval_hostaddr(); /* printable host address */
extern char *eval_hostinfo(); /* host name or address */
extern char *eval_client(); /* whatever is available */
extern char *eval_server(); /* whatever is available */
+#endif
#define eval_daemon(r) ((r)->daemon) /* daemon process name */
#define eval_pid(r) ((r)->pid) /* process id */
/* Socket-specific methods, including DNS hostname lookups. */
+#ifdef __STDC__
+extern void sock_host(struct request_info *);
+extern void sock_hostname(struct host_info *);
+extern void sock_hostaddr(struct host_info *);
+#else
extern void sock_host(); /* look up endpoint addresses */
extern void sock_hostname(); /* translate address to hostname */
extern void sock_hostaddr(); /* address to printable address */
+#endif
#define sock_methods(r) \
{ (r)->hostname = sock_hostname; (r)->hostaddr = sock_hostaddr; }
/* The System V Transport-Level Interface (TLI) interface. */
#if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT)
+#ifdef __STDC__
+extern void tli_host(struct request_info *);
+#else
extern void tli_host(); /* look up endpoint addresses etc. */
#endif
+#endif
/*
* Problem reporting interface. Additional file/line context is reported
@@ -182,42 +223,74 @@
* behavior.
*/
+#ifdef __STDC__
+extern void process_options(char *, struct request_info *);
+#else
extern void process_options(); /* execute options */
+#endif
extern int dry_run; /* verification flag */
/* Bug workarounds. */
#ifdef INET_ADDR_BUG /* inet_addr() returns struct */
#define inet_addr fix_inet_addr
+#ifdef __STDC__
+extern long fix_inet_addr(char *);
+#else
extern long fix_inet_addr();
#endif
+#endif
#ifdef BROKEN_FGETS /* partial reads from sockets */
#define fgets fix_fgets
+#ifdef __STDC__
+extern char *fix_fgets(char *, int, FILE *);
+#else
extern char *fix_fgets();
#endif
+#endif
#ifdef RECVFROM_BUG /* no address family info */
#define recvfrom fix_recvfrom
+#ifdef __STDC__
+extern int fix_recvfrom(int, char *, int, int, struct sockaddr *, int *);
+#else
extern int fix_recvfrom();
#endif
+#endif
#ifdef GETPEERNAME_BUG /* claims success with UDP */
#define getpeername fix_getpeername
+#ifdef __STDC__
+extern int fix_getpeername(int, struct sockaddr *, int *);
+#else
extern int fix_getpeername();
#endif
+#endif
#ifdef SOLARIS_24_GETHOSTBYNAME_BUG /* lists addresses as aliases */
#define gethostbyname fix_gethostbyname
+#ifdef __STDC__
+extern struct hostent *fix_gethostbyname(char *);
+#else
extern struct hostent *fix_gethostbyname();
#endif
+#endif
#ifdef USE_STRSEP /* libc calls strtok() */
#define strtok fix_strtok
+#ifdef __STDC__
+extern char *fix_strtok(char *, char *);
+#else
extern char *fix_strtok();
#endif
+#endif
#ifdef LIBC_CALLS_STRTOK /* libc calls strtok() */
#define strtok my_strtok
+#ifdef __STDC__
+extern char *my_strtok(char *, char *);
+#else
extern char *my_strtok();
+#endif
#endif

3
tcp_wrappers_7.6.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:77a52687b1919bd4b10a0893becec1935e23a5355e85a786e29fb84a13953a2c
size 78615

129
tcpd.changes Normal file
View File

@ -0,0 +1,129 @@
-------------------------------------------------------------------
Tue May 30 16:59:21 CEST 2006 - lmichnovic@suse.cz
- fixed uninitilized filepointer (uninitialized.diff) [#178636]
-------------------------------------------------------------------
Fri Mar 31 15:57:06 CEST 2006 - lmichnovic@suse.cz
- fixed missing definition of hosts_ctl() in tcpd.h (hosts_ctl.diff)
[#162303]
-------------------------------------------------------------------
Wed Jan 25 21:31:01 CET 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
-------------------------------------------------------------------
Sun Jan 15 19:13:05 CET 2006 - schwab@suse.de
- Don't strip binaries.
-------------------------------------------------------------------
Fri Sep 16 22:16:47 CEST 2005 - meissner@suse.de
- fixed all implicit warnings.
-------------------------------------------------------------------
Fri Jun 24 02:34:37 CEST 2005 - ro@suse.de
- build with fPIE/pie
- really use RPM_OPT_FLAGS
- fix some non-void-return warnings
-------------------------------------------------------------------
Thu Jan 13 15:17:52 CET 2005 - postadal@suse.cz
- fixed crashing on system with more than one network interface [#49368]
-------------------------------------------------------------------
Wed Sep 15 20:56:57 CEST 2004 - aj@suse.de
- Fix warnings about implicit functions to compile with GCC 4.0.
-------------------------------------------------------------------
Mon Mar 22 15:36:12 CET 2004 - ro@suse.de
- installed shared lib to /%_lib, not /usr/%_lib
and add symlinks (fix for part of #36514)
-------------------------------------------------------------------
Thu Feb 12 16:28:45 CET 2004 - kukuk@suse.de
- Create subpackage "tcpd-devel"
-------------------------------------------------------------------
Mon Feb 09 13:05:26 CET 2004 - postadal@suse.cz
- added support for compiling as shared library with soname of libwrap0 (version 7.6)
-------------------------------------------------------------------
Sun Jan 11 11:59:00 CET 2004 - adrian@suse.de
- build as user
-------------------------------------------------------------------
Fri Oct 31 13:20:28 CET 2003 - postadal@suse.cz
- fixed invalid warning about "host name mismatch" [#26519, #32772]
-------------------------------------------------------------------
Wed Sep 10 15:03:34 CEST 2003 - postadal@suse.cz
- fixed handling patterns ending with period [#27322]
-------------------------------------------------------------------
Sat Mar 15 17:52:56 CET 2003 - kukuk@suse.de
- Don't handle IPv4 netmask as Prefix length [#25409]
-------------------------------------------------------------------
Mon Dec 16 13:18:04 CET 2002 - postadal@suse.cz
- added ip6utils.h to filelist [#22487]
-------------------------------------------------------------------
Fri Dec 13 14:07:13 CET 2002 - postadal@suse.cz
- fixed fix_options function in libwrap.a [#22000]
- included patch ipv6-fix.diff of mludvig@suse.cz to make tcpd work
with IPv4 and mapped IPv4 addresses. [#16162]
- turned off remote username lookups (allways_rfc931) [#22013]
-------------------------------------------------------------------
Thu Jan 10 08:47:15 CET 2002 - cihlar@suse.cz
- use %{_libdir}
-------------------------------------------------------------------
Tue Nov 20 15:35:07 CET 2001 - cihlar@suse.cz
- fixed SEGFAULT in tcpdchk [#12135]
-------------------------------------------------------------------
Thu Sep 6 17:55:44 CEST 2001 - schwab@suse.de
- Compile with -fPIC so that it can be included in a shared library.
-------------------------------------------------------------------
Wed Sep 5 15:34:35 CEST 2001 - schwab@suse.de
- Add prototypes for C++.
-------------------------------------------------------------------
Thu Mar 22 18:51:02 CET 2001 - ro@suse.de
- added split-aliases as provides
-------------------------------------------------------------------
Tue Feb 27 07:33:12 CET 2001 - cihlar@suse.cz
- fixed %files
- clean up spec file
- bzipped sources
-------------------------------------------------------------------
Tue Apr 11 17:15:20 CEST 2000 - kukuk@suse.de
- Split from nkitb

183
tcpd.spec Normal file
View File

@ -0,0 +1,183 @@
#
# spec file for package tcpd (Version 7.6)
#
# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
# package are under the same license as the package itself.
#
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
# norootforbuild
Name: tcpd
URL: ftp://ftp.porcupine.org/pub/security/index.html
License: Other License(s), see package
Group: Productivity/Networking/System
Provides: nkitb:/usr/sbin/tcpd
Autoreqprov: on
Version: 7.6
Release: 731
Summary: A security wrapper for TCP daemons
Source: tcp_wrappers_%{version}.tar.bz2
Patch: tcp_wrappers_%{version}.dif
Patch1: tcp_wrappers_%{version}-ipv6-1.6.diff.gz
Patch2: tcp_wrappers_%{version}-ipv6-fix.diff
Patch3: tcp_wrappers_%{version}-ipv6.fix.fix.diff
Patch4: tcp_wrappers_%{version}-ipv6.fix.fix2.diff
Patch5: tcp_wrappers_%{version}-host_name_mapping-fix.diff
Patch6: tcp_wrappers_%{version}-fix_options-fix.diff
Patch7: tcp_wrappers_%{version}-shared-lib.diff
Patch8: tcp_wrappers_%{version}-builtin.diff
Patch9: tcp_wrappers_%{version}-multi_local_interfaces-fix.diff
Patch10: tcp_wrappers_7.6-optflags.diff
Patch11: tcp_wrappers_7.6-nonvoid.diff
Patch12: tcp_wrappers_7.6-prototypes.diff
Patch13: tcp_wrappers_7.6-hosts_ctl.diff
Patch14: tcp_wrappers_7.6-uninitialized.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
This package contains a small daemon program that can monitor and
filter incoming requests for finger, ftp, telnet, rlogin, rsh, exec,
tftp, talk, and other network services.
Authors:
--------
Wietse Venema <wietse@wzv.win.tue.nl>
%package devel
Summary: Include Files and Libraries for the TCP wrapper library
Group: Productivity/Networking/System
Prefix: %{_prefix}
Requires: %{name} = %{version}
Requires: glibc-devel
%description devel
This package contains the library and header files, which are necessary
to compile and link programs against the TCP wrapper library.
%prep
%setup -n tcp_wrappers_%{version}
%patch1 -p2
%patch
%patch2 -p1
%patch3
%patch4
%patch5
%patch6
%patch7
%patch8
%patch9
%patch10
%patch11
%patch12 -p1
%patch13
%patch14
%build
#RPM_OPT_FLAGS="$RPM_OPT_FLAGS -fPIE -Wformat=2"
make linux
%install
install -d -m 755 $RPM_BUILD_ROOT/usr/{%{_lib},include,sbin}
install -d -m 755 $RPM_BUILD_ROOT%{_mandir}/man{1,3,5,8}
install -m 755 tcpd tcpdchk tcpdmatch safe_finger try-from $RPM_BUILD_ROOT/usr/sbin/
install -m 644 tcpd.8 tcpdchk.8 tcpdmatch.8 $RPM_BUILD_ROOT%{_mandir}/man8/
install -m 644 hosts_access.3 $RPM_BUILD_ROOT%{_mandir}/man3/
install -m 644 hosts_access.5 hosts_options.5 $RPM_BUILD_ROOT%{_mandir}/man5/
install -m 644 libwrap.a $RPM_BUILD_ROOT/%{_libdir}
install -m 644 tcpd.h $RPM_BUILD_ROOT/usr/include/
install -m 644 ip6utils.h $RPM_BUILD_ROOT/usr/include/
install -d -m 755 $RPM_BUILD_ROOT/%{_lib}
install -m 644 shared/libwrap.so.0.%{version} $RPM_BUILD_ROOT/%{_lib}
cd $RPM_BUILD_ROOT/%{_lib}
ln -sf libwrap.so.0.%{version} libwrap.so.0
cd $RPM_BUILD_ROOT/%{_libdir}
ln -sf /%{_lib}/libwrap.so.0.%{version} libwrap.so
%clean
[ -d %{buildroot} -a "%{buildroot}" != "" ] && rm -rf %{buildroot}
%post
%run_ldconfig
%postun
%run_ldconfig
%files
%defattr(644,root,root,755)
%doc BLURB CHANGES DISCLAIMER README README.ipv6 README.NIS
%attr(755,root,root) /%{_lib}/libwrap.so.*
%doc %{_mandir}/man?/*
%attr(755,root,root) /usr/sbin/*
%files devel
%defattr(644,root,root,755)
/usr/include/tcpd.h
/usr/include/ip6utils.h
%{_libdir}/libwrap.a
%{_libdir}/libwrap.so
%changelog -n tcpd
* Tue May 30 2006 - lmichnovic@suse.cz
- fixed uninitilized filepointer (uninitialized.diff) [#178636]
* Fri Mar 31 2006 - lmichnovic@suse.cz
- fixed missing definition of hosts_ctl() in tcpd.h (hosts_ctl.diff)
[#162303]
* Wed Jan 25 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
* Sun Jan 15 2006 - schwab@suse.de
- Don't strip binaries.
* Fri Sep 16 2005 - meissner@suse.de
- fixed all implicit warnings.
* Fri Jun 24 2005 - ro@suse.de
- build with fPIE/pie
- really use RPM_OPT_FLAGS
- fix some non-void-return warnings
* Thu Jan 13 2005 - postadal@suse.cz
- fixed crashing on system with more than one network interface [#49368]
* Wed Sep 15 2004 - aj@suse.de
- Fix warnings about implicit functions to compile with GCC 4.0.
* Mon Mar 22 2004 - ro@suse.de
- installed shared lib to /%%_lib, not /usr/%%_lib
and add symlinks (fix for part of #36514)
* Thu Feb 12 2004 - kukuk@suse.de
- Create subpackage "tcpd-devel"
* Mon Feb 09 2004 - postadal@suse.cz
- added support for compiling as shared library with soname of libwrap0 (version 7.6)
* Sun Jan 11 2004 - adrian@suse.de
- build as user
* Fri Oct 31 2003 - postadal@suse.cz
- fixed invalid warning about "host name mismatch" [#26519, #32772]
* Wed Sep 10 2003 - postadal@suse.cz
- fixed handling patterns ending with period [#27322]
* Sat Mar 15 2003 - kukuk@suse.de
- Don't handle IPv4 netmask as Prefix length [#25409]
* Mon Dec 16 2002 - postadal@suse.cz
- added ip6utils.h to filelist [#22487]
* Fri Dec 13 2002 - postadal@suse.cz
- fixed fix_options function in libwrap.a [#22000]
- included patch ipv6-fix.diff of mludvig@suse.cz to make tcpd work
with IPv4 and mapped IPv4 addresses. [#16162]
- turned off remote username lookups (allways_rfc931) [#22013]
* Thu Jan 10 2002 - cihlar@suse.cz
- use %%{_libdir}
* Tue Nov 20 2001 - cihlar@suse.cz
- fixed SEGFAULT in tcpdchk [#12135]
* Thu Sep 06 2001 - schwab@suse.de
- Compile with -fPIC so that it can be included in a shared library.
* Wed Sep 05 2001 - schwab@suse.de
- Add prototypes for C++.
* Thu Mar 22 2001 - ro@suse.de
- added split-aliases as provides
* Tue Feb 27 2001 - cihlar@suse.cz
- fixed %%files
- clean up spec file
- bzipped sources
* Tue Apr 11 2000 - kukuk@suse.de
- Split from nkitb