From d3cc9ca362259aa6ef89208c8bf6e94b924b9978973ebd3aa233cff045b160f3 Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Mon, 18 Dec 2006 23:17:59 +0000 Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tcpd?expand=0&rev=1 --- .gitattributes | 23 + .gitignore | 1 + ready | 0 tcp_wrappers_7.6-builtin.diff | 19 + tcp_wrappers_7.6-fix_options-fix.diff | 11 + tcp_wrappers_7.6-host_name_mapping-fix.diff | 27 + tcp_wrappers_7.6-hosts_ctl.diff | 10 + tcp_wrappers_7.6-ipv6-1.6.diff.gz | 3 + tcp_wrappers_7.6-ipv6-fix.diff | 961 ++++++++++++++++++ tcp_wrappers_7.6-ipv6.fix.fix.diff | 30 + tcp_wrappers_7.6-ipv6.fix.fix2.diff | 47 + ...appers_7.6-multi_local_interfaces-fix.diff | 11 + tcp_wrappers_7.6-nonvoid.diff | 67 ++ tcp_wrappers_7.6-optflags.diff | 36 + tcp_wrappers_7.6-prototypes.diff | 91 ++ tcp_wrappers_7.6-shared-lib.diff | 163 +++ tcp_wrappers_7.6-uninitialized.diff | 11 + tcp_wrappers_7.6.dif | 366 +++++++ tcp_wrappers_7.6.tar.bz2 | 3 + tcpd.changes | 129 +++ tcpd.spec | 183 ++++ 21 files changed, 2192 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 ready create mode 100644 tcp_wrappers_7.6-builtin.diff create mode 100644 tcp_wrappers_7.6-fix_options-fix.diff create mode 100644 tcp_wrappers_7.6-host_name_mapping-fix.diff create mode 100644 tcp_wrappers_7.6-hosts_ctl.diff create mode 100644 tcp_wrappers_7.6-ipv6-1.6.diff.gz create mode 100644 tcp_wrappers_7.6-ipv6-fix.diff create mode 100644 tcp_wrappers_7.6-ipv6.fix.fix.diff create mode 100644 tcp_wrappers_7.6-ipv6.fix.fix2.diff create mode 100644 tcp_wrappers_7.6-multi_local_interfaces-fix.diff create mode 100644 tcp_wrappers_7.6-nonvoid.diff create mode 100644 tcp_wrappers_7.6-optflags.diff create mode 100644 tcp_wrappers_7.6-prototypes.diff create mode 100644 tcp_wrappers_7.6-shared-lib.diff create mode 100644 tcp_wrappers_7.6-uninitialized.diff create mode 100644 tcp_wrappers_7.6.dif create mode 100644 tcp_wrappers_7.6.tar.bz2 create mode 100644 tcpd.changes create mode 100644 tcpd.spec diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/ready b/ready new file mode 100644 index 0000000..473a0f4 diff --git a/tcp_wrappers_7.6-builtin.diff b/tcp_wrappers_7.6-builtin.diff new file mode 100644 index 0000000..9b48b2e --- /dev/null +++ b/tcp_wrappers_7.6-builtin.diff @@ -0,0 +1,19 @@ +--- scaffold.c ++++ scaffold.c +@@ -20,6 +20,8 @@ + #include + #include + #include ++#include ++ + #if defined(INET6) && !defined(USE_GETIPNODEBY) + #include + #endif +@@ -28,7 +30,6 @@ + #define INADDR_NONE (-1) /* XXX should be 0xffffffff */ + #endif + +-extern char *malloc(); + + /* Application-specific. */ + diff --git a/tcp_wrappers_7.6-fix_options-fix.diff b/tcp_wrappers_7.6-fix_options-fix.diff new file mode 100644 index 0000000..c1dbc6e --- /dev/null +++ b/tcp_wrappers_7.6-fix_options-fix.diff @@ -0,0 +1,11 @@ +--- fix_options.c ++++ fix_options.c +@@ -53,7 +53,7 @@ + * XXX IPv6 support? + */ + sslen = sizeof(ss); +- if (getsockname(fd, (struct sockaddr *)&ss, &sslen < 0)) { ++ if (getsockname(fd, (struct sockaddr *)&ss, &sslen) < 0) { + syslog(LOG_ERR, "getpeername: %m"); + clean_exit(request); + } diff --git a/tcp_wrappers_7.6-host_name_mapping-fix.diff b/tcp_wrappers_7.6-host_name_mapping-fix.diff new file mode 100644 index 0000000..5fa89f5 --- /dev/null +++ b/tcp_wrappers_7.6-host_name_mapping-fix.diff @@ -0,0 +1,27 @@ +--- socket.c ++++ socket.c +@@ -270,7 +270,6 @@ + res = res->ai_next; + } + +- freeaddrinfo (resbase); + + if (res == NULL) + { +@@ -279,6 +278,7 @@ + host->name, + inet_ntop2 (sin6->sin6_family, &sin6->sin6_addr)); + strncpy(host->name, paranoid, sizeof(host->name)); ++ freeaddrinfo (resbase); + return; + } + +@@ -289,7 +289,7 @@ + host->name, res->ai_canonname, + inet_ntop2 (sin6->sin6_family, &sin6->sin6_addr)); + } +- ++ freeaddrinfo (resbase); + return; + } + #else /* INET6 */ diff --git a/tcp_wrappers_7.6-hosts_ctl.diff b/tcp_wrappers_7.6-hosts_ctl.diff new file mode 100644 index 0000000..f78105d --- /dev/null +++ b/tcp_wrappers_7.6-hosts_ctl.diff @@ -0,0 +1,10 @@ +--- tcpd.h ++++ tcpd.h +@@ -128,6 +128,7 @@ + #ifdef __STDC__ + extern struct request_info *request_init(struct request_info *,...); + extern struct request_info *request_set(struct request_info *,...); ++extern int hosts_ctl(char *daemon, char *client_name, char *client_addr, char *client_user); + #else + extern struct request_info *request_init(); /* initialize request */ + extern struct request_info *request_set(); /* update request structure */ diff --git a/tcp_wrappers_7.6-ipv6-1.6.diff.gz b/tcp_wrappers_7.6-ipv6-1.6.diff.gz new file mode 100644 index 0000000..4c1a199 --- /dev/null +++ b/tcp_wrappers_7.6-ipv6-1.6.diff.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:4cc4bdc5a86f2b7aaa8257507e19de5cc36fc8f128e815f44c33da017048971f +size 8070 diff --git a/tcp_wrappers_7.6-ipv6-fix.diff b/tcp_wrappers_7.6-ipv6-fix.diff new file mode 100644 index 0000000..68c2934 --- /dev/null +++ b/tcp_wrappers_7.6-ipv6-fix.diff @@ -0,0 +1,961 @@ +# +# This patch makes tcpd/libwrap work with IPv6, IPv4 and +# mapped IPv4 addresses. +# +# The approach is "convert everything to IPv6". It means that +# any IPv4 address I ever met either in /etc/hosts.* or that I get from +# the socket is first converted to v4-mapped and then handled as if it was +# IPv6. This simplifies the logic very much and makes the code much +# cleaner. Prefixes are also supported in the form [3ffe:ffff::/48] as +# well as for IPv4 addresses. +# +# Made by Michal Ludvig , +# November , 2002 +# +diff -upNr tcp_wrappers_7.6/hosts_access.c tcp_wrappers_7.6.mludvig/hosts_access.c +--- tcp_wrappers_7.6/hosts_access.c 2002-11-29 16:09:02.000000000 +0100 ++++ tcp_wrappers_7.6.mludvig/hosts_access.c 2002-11-29 12:52:15.000000000 +0100 +@@ -85,11 +85,6 @@ static int server_match(); + static int client_match(); + static int host_match(); + static int string_match(); +-static int masked_match(); +-#ifdef INET6 +-static int masked_match4(); +-static int masked_match6(); +-#endif + + /* Size of logical line buffer. */ + +@@ -308,15 +303,17 @@ struct host_info *host; + } else if (STR_EQ(tok, "LOCAL")) { /* local: no dots in name */ + char *name = eval_hostname(host); + return (strchr(name, '.') == 0 && HOSTNAME_KNOWN(name)); +- } else if ((mask = split_at(tok, '/')) != 0) { /* net/mask */ +- return (masked_match(tok, mask, eval_hostaddr(host))); + } else { /* anything else */ + return (string_match(tok, eval_hostaddr(host)) + || (NOT_INADDR(tok) && string_match(tok, eval_hostname(host)))); + } + } + +-/* string_match - match string against pattern */ ++/* string_match - match string against pattern ++ * ++ * tok = data read from /etc/hosts.* ++ * string = textual data of actual client ++ */ + + static int string_match(tok, string) + char *tok; +@@ -324,13 +321,6 @@ char *string; + { + int n; + +-#ifdef INET6 +- /* convert IPv4 mapped IPv6 address to IPv4 address */ +- if (STRN_EQ(string, "::ffff:", 7) +- && dot_quad_addr(string + 7) != INADDR_NONE) { +- string += 7; +- } +-#endif + if (tok[0] == '.') { /* suffix */ + n = strlen(string) - strlen(tok); + return (n > 0 && STR_EQ(tok, string + n)); +@@ -340,122 +330,65 @@ char *string; + return (STR_NE(string, unknown)); + } else if (tok[(n = strlen(tok)) - 1] == '.') { /* prefix */ + return (STRN_EQ(tok, string, n)); +- } else { /* exact match */ ++ } else if (STR_EQ(tok, string)) /* exact match */ ++ return (YES); + #ifdef INET6 ++ else /* IP addresses match - not needed for IPv4 */ ++ { ++ /* For simplicity we convert everything to IPv6 (or v4 mapped) */ + struct in6_addr pat, addr; +- int len, ret; +- char ch; +- ++ int len, ret, prefixlen=128; ++ char ch, token[INET6_ADDRSTRLEN+1], *mask; ++ + len = strlen(tok); +- if (*tok == '[' && tok[len - 1] == ']') { +- ch = tok[len - 1]; +- tok[len - 1] = '\0'; +- ret = inet_pton(AF_INET6, tok + 1, pat.s6_addr); +- tok[len - 1] = ch; +- if (ret != 1 || inet_pton(AF_INET6, string, addr.s6_addr) != 1) +- return NO; +- return (!memcmp(&pat, &addr, sizeof(struct in6_addr))); ++ if (*tok == '[' && tok[len - 1] == ']') ++ { ++ ch = tok[len - 1]; ++ tok[len - 1] = '\0'; ++ snprintf(token, sizeof(token), "%s", tok+1); ++ tok[len - 1] = ch; ++ } ++ else ++ snprintf(token, sizeof(token), "%s", tok); ++ ++ /* If prefix was given, handle it */ ++ if ((mask = split_at(token, '/')) != 0) ++ { ++ if (sscanf(mask, "%d", &prefixlen) != 1 || prefixlen < 0) ++ { ++ tcpd_warn ("Wrong prefix length in %s", tok); ++ return (NO); ++ } ++ ++ if (is_v4_string (token)) ++ prefixlen += 96; /* extend to v4mapped */ ++ ++ if (prefixlen > 128) ++ { ++ tcpd_warn ("Prefix too long in %s", tok); ++ return (NO); ++ } ++ } ++ ++ memset (&pat, 0, sizeof(pat)); ++ memset (&addr, 0, sizeof(addr)); ++ ++ if (inet_pton_mapped(AF_INET6, token, &pat) != 1) ++ return (NO); ++ ++ if (inet_pton_mapped(AF_INET6, string, &addr) != 1) ++ { ++ tcpd_warn("Unable to handle client address: %s", string); ++ return (NO); + } +-#endif +- return (STR_EQ(tok, string)); +- } +-} +- +-/* masked_match - match address against netnumber/netmask */ +- +-#ifdef INET6 +-static int masked_match(net_tok, mask_tok, string) +-char *net_tok; +-char *mask_tok; +-char *string; +-{ +- return (masked_match4(net_tok, mask_tok, string) || +- masked_match6(net_tok, mask_tok, string)); +-} +- +-static int masked_match4(net_tok, mask_tok, string) +-#else +-static int masked_match(net_tok, mask_tok, string) +-#endif +-char *net_tok; +-char *mask_tok; +-char *string; +-{ +-#ifdef INET6 +- u_int32_t net; +- u_int32_t mask; +- u_int32_t addr; +-#else +- unsigned long net; +- unsigned long mask; +- unsigned long addr; +-#endif +- +- /* +- * Disallow forms other than dotted quad: the treatment that inet_addr() +- * gives to forms with less than four components is inconsistent with the +- * access control language. John P. Rouillard . +- */ +- +- if ((addr = dot_quad_addr(string)) == INADDR_NONE) +- return (NO); +- if ((net = dot_quad_addr(net_tok)) == INADDR_NONE +- || (mask = dot_quad_addr(mask_tok)) == INADDR_NONE) { +-#ifndef INET6 +- tcpd_warn("bad net/mask expression: %s/%s", net_tok, mask_tok); +-#endif +- return (NO); /* not tcpd_jump() */ +- } +- return ((addr & mask) == net); +-} +- +-#ifdef INET6 +-static int masked_match6(net_tok, mask_tok, string) +-char *net_tok; +-char *mask_tok; +-char *string; +-{ +- struct in6_addr net, addr; +- u_int32_t mask; +- int len, mask_len, i = 0; +- char ch; +- +- if (inet_pton(AF_INET6, string, addr.s6_addr) != 1) +- return NO; +- +- if (IN6_IS_ADDR_V4MAPPED(&addr)) { +- if ((*(u_int32_t *)&net.s6_addr[12] = dot_quad_addr(net_tok)) == INADDR_NONE +- || (mask = dot_quad_addr(mask_tok)) == INADDR_NONE) +- return (NO); +- return ((*(u_int32_t *)&addr.s6_addr[12] & mask) == *(u_int32_t *)&net.s6_addr[12]); +- } + +- /* match IPv6 address against netnumber/prefixlen */ +- len = strlen(net_tok); +- if (*net_tok != '[' || net_tok[len - 1] != ']') +- return NO; +- ch = net_tok[len - 1]; +- net_tok[len - 1] = '\0'; +- if (inet_pton(AF_INET6, net_tok + 1, net.s6_addr) != 1) { +- net_tok[len - 1] = ch; +- return NO; +- } +- net_tok[len - 1] = ch; +- if ((mask_len = atoi(mask_tok)) < 0 || mask_len > 128) +- return NO; +- +- while (mask_len > 0) { +- if (mask_len < 32) { +- mask = htonl(~(0xffffffff >> mask_len)); +- if ((*(u_int32_t *)&addr.s6_addr[i] & mask) != (*(u_int32_t *)&net.s6_addr[i] & mask)) +- return NO; +- break; ++ if (prefixlen < 128) ++ { ++ apply_v6_prefix (&pat, prefixlen); ++ apply_v6_prefix (&addr, prefixlen); + } +- if (*(u_int32_t *)&addr.s6_addr[i] != *(u_int32_t *)&net.s6_addr[i]) +- return NO; +- i += 4; +- mask_len -= 32; ++ ++ return (!memcmp(&pat, &addr, sizeof(struct in6_addr))); + } +- return YES; ++#endif + } +-#endif /* INET6 */ +--- tcp_wrappers_7.6/socket.c 2002-11-29 16:08:40.000000000 +0100 ++++ tcp_wrappers_7.6.mludvig/socket.c 2002-11-29 16:16:56.000000000 +0100 +@@ -25,16 +25,12 @@ static char sccsid[] = "@(#) socket.c 1. + #include + #include + #include ++#include + #include + #include + #include + #include +- +-#ifdef INET6 +-#ifndef USE_GETIPNODEBY +-#include +-#endif +-#endif ++#include + + extern char *inet_ntoa(); + +@@ -65,10 +61,10 @@ char *name; + */ + + if (strchr(name, '.') == 0 || strlen(name) >= MAXHOSTNAMELEN - 1) { +- return (gethostbyname(name)); ++ return (gethostbyname(name)); + } else { +- sprintf(dot_name, "%s.", name); +- return (gethostbyname(dot_name)); ++ sprintf(dot_name, "%s.", name); ++ return (gethostbyname(dot_name)); + } + } + +@@ -104,15 +100,15 @@ struct request_info *request; + + len = sizeof(client); + if (getpeername(fd, (struct sockaddr *) & client, &len) < 0) { +- request->sink = sock_sink; +- len = sizeof(client); +- if (recvfrom(fd, buf, sizeof(buf), MSG_PEEK, +- (struct sockaddr *) & client, &len) < 0) { +- tcpd_warn("can't get client address: %m"); +- return; /* give up */ +- } ++ request->sink = sock_sink; ++ len = sizeof(client); ++ if (recvfrom(fd, buf, sizeof(buf), MSG_PEEK, ++ (struct sockaddr *) & client, &len) < 0) { ++ tcpd_warn("can't get client address: %m"); ++ return; /* give up */ ++ } + #ifdef really_paranoid +- memset(buf, 0 sizeof(buf)); ++ memset(buf, 0 sizeof(buf)); + #endif + } + #ifdef INET6 +@@ -129,8 +125,8 @@ struct request_info *request; + + len = sizeof(server); + if (getsockname(fd, (struct sockaddr *) & server, &len) < 0) { +- tcpd_warn("getsockname: %m"); +- return; ++ tcpd_warn("getsockname: %m"); ++ return; + } + #ifdef INET6 + request->server->sin = (struct sockaddr *)&server; +@@ -150,18 +146,18 @@ struct host_info *host; + int alen; + + if (!sin) +- return; ++ return; + switch (sin->sa_family) { +- case AF_INET: +- ap = (char *)&((struct sockaddr_in *)sin)->sin_addr; +- alen = sizeof(struct in_addr); +- break; +- case AF_INET6: +- ap = (char *)&((struct sockaddr_in6 *)sin)->sin6_addr; +- alen = sizeof(struct in6_addr); +- break; +- default: +- return; ++ case AF_INET: ++ ap = (char *)&((struct sockaddr_in *)sin)->sin_addr; ++ alen = sizeof(struct in_addr); ++ break; ++ case AF_INET6: ++ ap = (char *)&((struct sockaddr_in6 *)sin)->sin6_addr; ++ alen = sizeof(struct in6_addr); ++ break; ++ default: ++ return; + } + host->addr[0] = '\0'; + inet_ntop(sin->sa_family, ap, host->addr, sizeof(host->addr)); +@@ -169,30 +165,139 @@ struct host_info *host; + struct sockaddr_in *sin = host->sin; + + if (sin != 0) +- STRN_CPY(host->addr, inet_ntoa(sin->sin_addr), sizeof(host->addr)); ++ STRN_CPY(host->addr, inet_ntoa(sin->sin_addr), sizeof(host->addr)); + #endif + } + ++#ifdef INET6 + /* sock_hostname - map endpoint address to host name */ ++void ++sock_hostname(struct host_info *host) ++{ ++ struct addrinfo hints, *res, *resbase; ++ struct sockaddr *sa = host->sin; ++ struct sockaddr_in6 *sin6, sin6buf; ++ int errcode; ++ ++ if (!sa) ++ { ++ /* Unknown sockaddr => unable to verify */ ++ tcpd_warn ("can't verify hostname: sockaddr == NULL"); ++ strncpy(host->name, paranoid, sizeof(host->name)); ++ return; ++ } ++ ++ switch (sa->sa_family) ++ { ++ case AF_INET: ++ if (((struct sockaddr_in *)sa)->sin_addr.s_addr == 0) ++ { ++ /* Address 0.0.0.0 is invalid. */ ++ tcpd_warn ("can't verify hostname of address %s", ++ inet_ntop2(sa->sa_family, ++ &((struct sockaddr_in *)sa)->sin_addr)); ++ strncpy(host->name, paranoid, sizeof(host->name)); ++ return; ++ } ++ sin6 = sa_map_v4_to_v6 ((struct sockaddr_in *)sa, ++ &sin6buf); ++ break; ++ case AF_INET6: ++ sin6 = (struct sockaddr_in6 *)sa; ++ break; ++ default: ++ /* Unknown protocol family. */ ++ strncpy(host->name, paranoid, sizeof(host->name)); ++ return; ++ } ++ ++ /* First resolve address to name... */ ++ if (getnameinfo ((struct sockaddr *)sin6, sizeof(*sin6), ++ host->name, sizeof(host->name), ++ NULL, 0, 0) < 0) ++ { ++ tcpd_warn ("can't verify hostname: getnameinfo(%s): %s", ++ inet_ntop2(sin6->sin6_family, &sin6->sin6_addr), ++ strerror(errno)); ++ strncpy(host->name, paranoid, sizeof(host->name)); ++ return; ++ } ++ ++ /* Now resolve the name back to the address. Hopefully we'll ++ get the same one... */ ++ ++ memset (&hints, 0, sizeof(hints)); ++ ++ hints.ai_family = PF_UNSPEC; ++ hints.ai_socktype = SOCK_STREAM; ++ hints.ai_flags |= AI_CANONNAME; ++ ++ errcode = getaddrinfo(host->name, NULL, &hints, &resbase); ++ if(errcode) ++ { ++ tcpd_warn ("can't verify hostname: getaddrinfo(%s): %s", ++ host->name, ++ gai_strerror(errcode)); ++ strncpy(host->name, paranoid, sizeof(host->name)); ++ return; ++ } ++ ++ res = resbase; ++ ++ /* Now walk through all reutrned addresses and see if at least one ++ is the same (or mmapped-same) as the incoming one. */ ++ while(res) ++ { ++ struct sockaddr_in6 *sin6res, sin6resbuf; ++ ++ switch (res->ai_family) ++ { ++ case AF_INET: ++ sin6res = sa_map_v4_to_v6 ((struct sockaddr_in *)res->ai_addr, &sin6resbuf); ++ break; ++ case AF_INET6: ++ sin6res = (struct sockaddr_in6 *)res->ai_addr; ++ break; ++ default: ++ res = res->ai_next; ++ continue; ++ } ++ ++ if (memcmp (&sin6->sin6_addr, &sin6res->sin6_addr, ++ sizeof(sin6->sin6_addr)) == 0) ++ break; ++ ++ res = res->ai_next; ++ } ++ ++ freeaddrinfo (resbase); ++ ++ if (res == NULL) ++ { ++ /* We walked through the list but didn't find a matching address. */ ++ tcpd_warn ("can't verify hostname: getaddrinfo(%s) didn't return %s", ++ host->name, ++ inet_ntop2 (sin6->sin6_family, &sin6->sin6_addr)); ++ strncpy(host->name, paranoid, sizeof(host->name)); ++ return; ++ } + +-void sock_hostname(host) ++ if (STR_NE (host->name, res->ai_canonname) && STR_NE(host->name, "localhost")) ++ { ++ /* We don't treat this as an error, though... */ ++ tcpd_warn("host name mismatch: %s != %s (%s)", ++ host->name, res->ai_canonname, ++ inet_ntop2 (sin6->sin6_family, &sin6->sin6_addr)); ++ } ++ ++ return; ++} ++#else /* INET6 */ ++void sock_hostname(host) + struct host_info *host; + { +-#ifdef INET6 +- struct sockaddr *sin = host->sin; +- char addr[128]; +-#ifdef USE_GETIPNODEBY +- int h_error; +-#else +- u_long res_options; +-#endif +- struct hostent *hp = NULL; +- char *ap; +- int alen; +-#else + struct sockaddr_in *sin = host->sin; + struct hostent *hp; +-#endif + int i; + + /* +@@ -202,163 +307,76 @@ struct host_info *host; + * have to special-case 0.0.0.0, in order to avoid false alerts from the + * host name/address checking code below. + */ +-#ifdef INET6 +- if (sin != NULL) { +- switch (sin->sa_family) { +- case AF_INET: +- if (((struct sockaddr_in *)sin)->sin_addr.s_addr == 0) { +- strcpy(host->name, paranoid); /* name is bad, clobber it */ +- return; +- } +- ap = (char *) &((struct sockaddr_in *)sin)->sin_addr; +- alen = sizeof(struct in_addr); +- break; +- case AF_INET6: +- ap = (char *) &((struct sockaddr_in6 *)sin)->sin6_addr; +- alen = sizeof(struct in6_addr); +- break; +- defalut: +- strcpy(host->name, paranoid); /* name is bad, clobber it */ +- return; +- } +-#ifdef USE_GETIPNODEBY +- hp = getipnodebyaddr(ap, alen, sin->sa_family, &h_error); +-#else +- hp = gethostbyaddr(ap, alen, sin->sa_family); +-#endif +- } +- if (hp) { +-#else + if (sin != 0 && sin->sin_addr.s_addr != 0 +- && (hp = gethostbyaddr((char *) &(sin->sin_addr), +- sizeof(sin->sin_addr), AF_INET)) != 0) { +-#endif +- +- STRN_CPY(host->name, hp->h_name, sizeof(host->name)); +-#if defined(INET6) && defined(USE_GETIPNODEBY) +- freehostent(hp); +-#endif ++ && (hp = gethostbyaddr((char *) &(sin->sin_addr), ++ sizeof(sin->sin_addr), AF_INET)) != 0) { + +- /* +- * Verify that the address is a member of the address list returned +- * by gethostbyname(hostname). +- * +- * Verify also that gethostbyaddr() and gethostbyname() return the same +- * hostname, or rshd and rlogind may still end up being spoofed. +- * +- * On some sites, gethostbyname("localhost") returns "localhost.domain". +- * This is a DNS artefact. We treat it as a special case. When we +- * can't believe the address list from gethostbyname("localhost") +- * we're in big trouble anyway. +- */ ++ STRN_CPY(host->name, hp->h_name, sizeof(host->name)); + +-#ifdef INET6 +-#ifdef USE_GETIPNODEBY +- hp = getipnodebyname(host->name, sin->sa_family, +- AI_V4MAPPED | AI_ADDRCONFIG | AI_ALL, &h_error); +-#else +- if ((_res.options & RES_INIT) == 0) { +- if (res_init() < 0) { +- inet_ntop(sin->sa_family, ap, addr, sizeof(addr)); +- tcpd_warn("can't verify hostname: res_init() for %s failed", +- addr); +- strcpy(host->name, paranoid); /* name is bad, clobber it */ +- return; +- } +- } +- res_options = _res.options; +- if (sin->sa_family == AF_INET6) +- _res.options |= RES_USE_INET6; +- else +- _res.options &= ~RES_USE_INET6; +- hp = gethostbyname2(host->name, +- (sin->sa_family == AF_INET6 && +- IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *)sin)->sin6_addr)) ? +- AF_INET : sin->sa_family); +- _res.options = res_options; +-#endif +- if (!hp) { +-#else +- if ((hp = gethostbyname(host->name)) == 0) { +-#endif +- +- /* +- * Unable to verify that the host name matches the address. This +- * may be a transient problem or a botched name server setup. +- */ ++ /* ++ * Verify that the address is a member of the address list returned ++ * by gethostbyname(hostname). ++ * ++ * Verify also that gethostbyaddr() and gethostbyname() return the same ++ * hostname, or rshd and rlogind may still end up being spoofed. ++ * ++ * On some sites, gethostbyname("localhost") returns "localhost.domain". ++ * This is a DNS artefact. We treat it as a special case. When we ++ * can't believe the address list from gethostbyname("localhost") ++ * we're in big trouble anyway. ++ */ + +-#ifdef INET6 +-#ifdef USE_GETIPNODEBY +- tcpd_warn("can't verify hostname: getipnodebyname(%s, %s) failed", +-#else +- tcpd_warn("can't verify hostname: gethostbyname2(%s, %s) failed", +-#endif +- host->name, +- (sin->sa_family == AF_INET) ? "AF_INET" : "AF_INET6"); +-#else +- tcpd_warn("can't verify hostname: gethostbyname(%s) failed", +- host->name); +-#endif ++ if ((hp = gethostbyname(host->name)) == 0) { + +- } else if (STR_NE(host->name, hp->h_name) +- && STR_NE(host->name, "localhost")) { ++ /* ++ * Unable to verify that the host name matches the address. This ++ * may be a transient problem or a botched name server setup. ++ */ ++ ++ tcpd_warn("can't verify hostname: gethostbyname(%s) failed", ++ host->name); ++ ++ } else if (STR_NE(host->name, hp->h_name) ++ && STR_NE(host->name, "localhost")) { ++ ++ /* ++ * The gethostbyaddr() and gethostbyname() calls did not return ++ * the same hostname. This could be a nameserver configuration ++ * problem. It could also be that someone is trying to spoof us. ++ */ + +- /* +- * The gethostbyaddr() and gethostbyname() calls did not return +- * the same hostname. This could be a nameserver configuration +- * problem. It could also be that someone is trying to spoof us. +- */ +- +- tcpd_warn("host name/name mismatch: %s != %.*s", +- host->name, STRING_LENGTH, hp->h_name); +- +- } else { +- +- /* +- * The address should be a member of the address list returned by +- * gethostbyname(). We should first verify that the h_addrtype +- * field is AF_INET, but this program has already caused too much +- * grief on systems with broken library code. +- */ ++ tcpd_warn("host name/name mismatch: %s != %.*s", ++ host->name, STRING_LENGTH, hp->h_name); + +- for (i = 0; hp->h_addr_list[i]; i++) { +-#ifdef INET6 +- if (memcmp(hp->h_addr_list[i], ap, alen) == 0) { +-#ifdef USE_GETIPNODEBY +- freehostent(hp); +-#endif +- return; /* name is good, keep it */ +- } +-#else +- if (memcmp(hp->h_addr_list[i], +- (char *) &sin->sin_addr, +- sizeof(sin->sin_addr)) == 0) +- return; /* name is good, keep it */ +-#endif +- } ++ } else { + +- /* +- * The host name does not map to the initial address. Perhaps +- * someone has messed up. Perhaps someone compromised a name +- * server. +- */ ++ /* ++ * The address should be a member of the address list returned by ++ * gethostbyname(). We should first verify that the h_addrtype ++ * field is AF_INET, but this program has already caused too much ++ * grief on systems with broken library code. ++ */ ++ ++ for (i = 0; hp->h_addr_list[i]; i++) { ++ if (memcmp(hp->h_addr_list[i], ++ (char *) &sin->sin_addr, ++ sizeof(sin->sin_addr)) == 0) ++ return; /* name is good, keep it */ ++ } ++ ++ /* ++ * The host name does not map to the initial address. Perhaps ++ * someone has messed up. Perhaps someone compromised a name ++ * server. ++ */ + +-#ifdef INET6 +- inet_ntop(sin->sa_family, ap, addr, sizeof(addr)); +- tcpd_warn("host name/address mismatch: %s != %.*s", +- addr, STRING_LENGTH, hp->h_name); +-#else +- tcpd_warn("host name/address mismatch: %s != %.*s", +- inet_ntoa(sin->sin_addr), STRING_LENGTH, hp->h_name); +-#endif +- } +- strcpy(host->name, paranoid); /* name is bad, clobber it */ +-#if defined(INET6) && defined(USE_GETIPNODEBY) +- if (hp) +- freehostent(hp); +-#endif ++ tcpd_warn("host name/address mismatch: %s != %.*s", ++ inet_ntoa(sin->sin_addr), STRING_LENGTH, hp->h_name); ++ } ++ strcpy(host->name, paranoid); /* name is bad, clobber it */ + } + } ++#endif /* INET6 */ + + /* sock_sink - absorb unreceived IP datagram */ + +diff -upNr tcp_wrappers_7.6/ip6utils.c tcp_wrappers_7.6.mludvig/ip6utils.c +--- tcp_wrappers_7.6/ip6utils.c 1970-01-01 01:00:00.000000000 +0100 ++++ tcp_wrappers_7.6.mludvig/ip6utils.c 2002-11-29 14:31:52.000000000 +0100 +@@ -0,0 +1,152 @@ ++#include ++#include ++#include ++#include ++#include ++ ++#include "ip6utils.h" ++ ++/* inet_pton_mapped() ++ - works like inet_pton(3) but always returns IPv6 address ++ in dst - either "real" or v4mapped (::ffff:1.2.3.4) in ++ the case, when src points to IPv4 address (eg. to 1.2.3.4). */ ++int ++inet_pton_mapped (int af, const char *src, void *dst) ++{ ++ int ret; ++ ++ /* Mapped address is v6. */ ++ if (af != AF_INET6) ++ { ++ errno = EAFNOSUPPORT; ++ return -1; ++ } ++ ++ /* We must put the result somewhere. */ ++ if (!dst) ++ { ++ errno = EFAULT; ++ return -1; ++ } ++ ++ /* First try whether the address IPv6. */ ++ ret = inet_pton (AF_INET6, src, dst); ++ if (ret > 0) ++ return ret; ++ ++ /* Because we're here, it apparently wasn't IPv6. Try IPv4 now. */ ++ ret = inet_pton (AF_INET, src, &((struct in6_addr *)dst)->s6_addr32[3]); ++ if (ret > 0) ++ { ++ /* Good, it was IPv4, map it now. */ ++ ((struct in6_addr *)dst)->s6_addr32[0] = 0; ++ ((struct in6_addr *)dst)->s6_addr32[1] = 0; ++ ((struct in6_addr *)dst)->s6_addr32[2] = htonl(0x0000ffffL); ++ } ++ return ret; ++} ++ ++/* inet_ntop2() ++ - works like inet_ntop(3) but doesn't need an external ++ buffer. Usefull eg. for printing addresses via printf(). */ ++const char * ++inet_ntop2 (int af, const void *src) ++{ ++ static char address[INET6_ADDRSTRLEN]; ++ ++ return inet_ntop(af, src, address, sizeof(address)); ++} ++ ++/* sa_map_v4_to_v6() ++ - Take an IPv4 address in first argument and map it to ++ IPv4-mapped (::ffff:1.2.3.4) IPv6 address. */ ++struct sockaddr_in6 * ++sa_map_v4_to_v6 (struct sockaddr_in *sin, struct sockaddr_in6 *sin6) ++{ ++ /* Both pointers must be not-NULL or we'll segfault. */ ++ if (!sin || !sin6) ++ { ++ errno = EFAULT; ++ return NULL; ++ } ++ ++ /* We can map only IPv4 addresses. */ ++ if (sin->sin_family != AF_INET) ++ return NULL; ++ ++ /* Map it now... */ ++ memset(sin6, 0, sizeof(*sin6)); ++ ++ sin6->sin6_family = AF_INET6; ++ sin6->sin6_port = sin->sin_port; ++ sin6->sin6_addr.s6_addr16[5] = 0xffff; ++ sin6->sin6_addr.s6_addr32[3] = sin->sin_addr.s_addr; ++ ++ return sin6; ++} ++ ++/* is_v4_string(), is_v6_string() ++ - Return 1 when src is a string representing a valid ++ IPv4, resp. IPv6 address. Return 0 otherwise. */ ++int ++is_v4_string (const char *src) ++{ ++ struct in_addr result; ++ ++ return (inet_pton (AF_INET, src, &result) > 0); ++} ++ ++int ++is_v6_string (const char *src) ++{ ++ struct in6_addr result; ++ ++ return (inet_pton (AF_INET6, src, &result) > 0); ++} ++ ++/* apply_v6_prefix() ++ - mask the address given in 'src' with 'prefixlen' netmask. Clear ++ all bits not covered by prefixlen. */ ++int ++apply_v6_prefix (struct in6_addr *src, int prefixlen) ++{ ++ int i; ++ ++ /* Check prefix for a valid length. */ ++ if (prefixlen < 0 || prefixlen > 128) ++ return -1; ++ ++ /* Prefixes will quite often end up on 16b boundary, ++ so we'll walk thorugh 16b blocks and possibly avoid ++ creating bitmasks. */ ++ for (i=0; i<8; i++) ++ { ++ /* Prefix fully covers this block -> leave as is. */ ++ if (prefixlen >= (i+1)*16) ++ continue; ++ /* Prefix doesn't cover this block -> zero it. */ ++ if (prefixlen <= i*16) ++ { ++ src->s6_addr16[i] = 0; ++ continue; ++ } ++ /* Prefix ends somewhere inside in this block. Let's ++ build and apply a bitmask for this block. */ ++ { ++ uint16_t mask=0; ++ int bits; ++ ++ bits = prefixlen - i*16; ++ ++ while (bits) ++ { ++ mask |= (1 << (16-bits)); ++ bits --; ++ } ++ ++ src->s6_addr16[i] &= htons(mask); ++ } ++ } ++ ++ return 0; ++} +diff -upNr tcp_wrappers_7.6/ip6utils.h tcp_wrappers_7.6.mludvig/ip6utils.h +--- tcp_wrappers_7.6/ip6utils.h 1970-01-01 01:00:00.000000000 +0100 ++++ tcp_wrappers_7.6.mludvig/ip6utils.h 2002-11-29 12:53:06.000000000 +0100 +@@ -0,0 +1,33 @@ ++#ifndef IP6UTILS_H ++#define IP6UTILS_H ++ ++/* inet_pton_mapped() ++ - works like inet_pton(3) but always returns IPv6 address ++ in dst - either "real" or v4mapped (::ffff:1.2.3.4) in ++ the case, when src points to IPv4 address (eg. to 1.2.3.4). ++ Return value is as with inet_pton(), dst remains untouched on ++ an address translation failure. */ ++int inet_pton_mapped (int af, const char *src, void *dst); ++ ++/* inet_ntop2() ++ - works like inet_ntop(3) but doesn't need an external ++ buffer. Usefull eg. for printing addresses via printf(). */ ++const char *inet_ntop2 (int af, const void *src); ++ ++/* sa_map_v4_to_v6() ++ - Take an IPv4 address in form 1.2.3.4 and map it to ++ IPv4-mapped form ::ffff:1.2.3.4 */ ++struct sockaddr_in6 *sa_map_v4_to_v6 (struct sockaddr_in *sin, struct sockaddr_in6 *sin6); ++ ++/* is_v4_string(), is_v6_string() ++ - Return 1 when src is a string representing a valid ++ IPv4, resp. IPv6 address. Return 0 otherwise. */ ++int is_v4_string (const char *src); ++int is_v6_string (const char *src); ++ ++/* apply_v6_prefix() ++ - mask the address given in 'src' with 'prefixlen' netmask. Clear ++ all bits not covered by prefixlen. Return -1 on a failure, else 0. */ ++int apply_v6_prefix (struct in6_addr *src, int prefixlen); ++ ++#endif /* IP6UTILS_H */ +diff -upNr tcp_wrappers_7.6/tcpd.h tcp_wrappers_7.6.mludvig/tcpd.h +--- tcp_wrappers_7.6/tcpd.h 2002-11-29 16:09:02.000000000 +0100 ++++ tcp_wrappers_7.6.mludvig/tcpd.h 2002-11-29 12:54:16.000000000 +0100 +@@ -10,6 +10,8 @@ + #include + #endif + ++#include "ip6utils.h" ++ + /* Structure to describe one communications endpoint. */ + + #define STRING_LENGTH 128 /* hosts, users, processes */ +diff -upNr tcp_wrappers_7.6/Makefile tcp_wrappers_7.6.mludvig/Makefile +--- tcp_wrappers_7.6/Makefile 2002-11-29 16:09:02.000000000 +0100 ++++ tcp_wrappers_7.6.mludvig/Makefile 2002-11-29 12:54:04.000000000 +0100 +@@ -1,5 +1,7 @@ + # @(#) Makefile 1.23 97/03/21 19:27:20 + ++really-all: linux ++ + what: + @echo + @echo "Usage: edit the REAL_DAEMON_DIR definition in the Makefile then:" +@@ -670,7 +672,7 @@ CFLAGS = -O2 -pipe -DFACILITY=$(FACILITY + LIB_OBJ= hosts_access.o options.o shell_cmd.o rfc931.o eval.o \ + hosts_ctl.o refuse.o percent_x.o clean_exit.o $(AUX_OBJ) \ + $(FROM_OBJ) fix_options.o socket.o tli.o workarounds.o \ +- update.o misc.o diag.o percent_m.o myvsyslog.o ++ update.o misc.o diag.o percent_m.o myvsyslog.o ip6utils.o + + FROM_OBJ= fromhost.o + +@@ -683,6 +685,7 @@ KIT = README miscd.c tcpd.c fromhost.c h + tli-sequent.h misc.c diag.c ncr.c tcpdchk.c percent_m.c \ + myvsyslog.c mystdarg.h printf.ck README.IRIX Banners.Makefile \ + refuse.c tcpdchk.8 setenv.c inetcf.c inetcf.h scaffold.c \ ++ ip6utils.c ip6utils.h \ + scaffold.h tcpdmatch.8 README.NIS + + LIB = libwrap.a +@@ -812,6 +815,7 @@ printfck: + + # Internal compilation dependencies. + ++tcpd.h: ip6utils.h + clean_exit.o: cflags + clean_exit.o: tcpd.h + diag.o: cflags + diff --git a/tcp_wrappers_7.6-ipv6.fix.fix.diff b/tcp_wrappers_7.6-ipv6.fix.fix.diff new file mode 100644 index 0000000..eb8bfb4 --- /dev/null +++ b/tcp_wrappers_7.6-ipv6.fix.fix.diff @@ -0,0 +1,30 @@ +--- hosts_access.c 2003/03/15 15:12:36 1.1 ++++ hosts_access.c 2003/03/15 15:47:18 +@@ -354,7 +354,26 @@ + /* If prefix was given, handle it */ + if ((mask = split_at(token, '/')) != 0) + { +- if (sscanf(mask, "%d", &prefixlen) != 1 || prefixlen < 0) ++ if (strchr(mask, '.') != NULL) /* We have something ++ like 255.255.0.0 */ ++ { ++ int b1, b2, b3, b4; ++ uint32_t netmask; ++ ++ if (sscanf(mask, "%d.%d.%d.%d", &b1, &b2, &b3, &b4) != 4) ++ { ++ tcpd_warn ("Wrong netmask in %s", tok); ++ return (NO); ++ } ++ netmask = (((((b1 * 256) + b2) * 256) + b3) * 256) + b4; ++ prefixlen = 0; ++ while (netmask > 0) ++ { ++ ++prefixlen; ++ netmask <<= 1; ++ } ++ } ++ else if (sscanf(mask, "%d", &prefixlen) != 1 || prefixlen < 0) + { + tcpd_warn ("Wrong prefix length in %s", tok); + return (NO); diff --git a/tcp_wrappers_7.6-ipv6.fix.fix2.diff b/tcp_wrappers_7.6-ipv6.fix.fix2.diff new file mode 100644 index 0000000..335eb5c --- /dev/null +++ b/tcp_wrappers_7.6-ipv6.fix.fix2.diff @@ -0,0 +1,47 @@ +--- hosts_access.c ++++ hosts_access.c +@@ -328,8 +328,6 @@ + return (YES); + } else if (STR_EQ(tok, "KNOWN")) { /* not unknown */ + return (STR_NE(string, unknown)); +- } else if (tok[(n = strlen(tok)) - 1] == '.') { /* prefix */ +- return (STRN_EQ(tok, string, n)); + } else if (STR_EQ(tok, string)) /* exact match */ + return (YES); + #ifdef INET6 +@@ -337,11 +335,31 @@ + { + /* For simplicity we convert everything to IPv6 (or v4 mapped) */ + struct in6_addr pat, addr; +- int len, ret, prefixlen=128; +- char ch, token[INET6_ADDRSTRLEN+1], *mask; +- ++ int len, ret, prefixlen=128, nof_periods = 0; ++ char ch, token[INET6_ADDRSTRLEN+1], *mask, *ptok = tok, *addition; + len = strlen(tok); +- if (*tok == '[' && tok[len - 1] == ']') ++ if (tok[(n = strlen(tok)) - 1] == '.') { /* prefix */ ++ while ((ptok = strchr(ptok, '.')) != NULL){ ++ nof_periods++; ++ ptok++; ++ } ++ switch(nof_periods){ ++ case 1: ++ addition = "0.0.0/8"; ++ break; ++ case 2: ++ addition = "0.0/16"; ++ break; ++ case 3: ++ addition = "0/24"; ++ break; ++ default: ++ tcpd_warn ("Wrong prefix %s", tok); ++ return (NO); ++ } ++ snprintf(token, sizeof(token), "%s%s", tok, addition); ++ } ++ else if (*tok == '[' && tok[len - 1] == ']') + { + ch = tok[len - 1]; + tok[len - 1] = '\0'; diff --git a/tcp_wrappers_7.6-multi_local_interfaces-fix.diff b/tcp_wrappers_7.6-multi_local_interfaces-fix.diff new file mode 100644 index 0000000..fb00658 --- /dev/null +++ b/tcp_wrappers_7.6-multi_local_interfaces-fix.diff @@ -0,0 +1,11 @@ +--- socket.c ++++ socket.c +@@ -282,7 +282,7 @@ + return; + } + +- if (STR_NE (host->name, res->ai_canonname) && STR_NE(host->name, "localhost")) ++ if ((!res->ai_canonname || STR_NE (host->name, res->ai_canonname)) && STR_NE(host->name, "localhost")) + { + /* We don't treat this as an error, though... */ + tcpd_warn("host name mismatch: %s != %s (%s)", diff --git a/tcp_wrappers_7.6-nonvoid.diff b/tcp_wrappers_7.6-nonvoid.diff new file mode 100644 index 0000000..d0fac79 --- /dev/null +++ b/tcp_wrappers_7.6-nonvoid.diff @@ -0,0 +1,67 @@ +--- fakelog.c ++++ fakelog.c +@@ -16,7 +16,7 @@ + /* openlog - dummy */ + + /* ARGSUSED */ +- ++void + openlog(name, logopt, facility) + char *name; + int logopt; +@@ -26,7 +26,7 @@ + } + + /* vsyslog - format one record */ +- ++void + vsyslog(severity, fmt, ap) + int severity; + char *fmt; +@@ -42,7 +42,7 @@ + /* syslog - format one record */ + + /* VARARGS */ +- ++void + VARARGS(syslog, int, severity) + { + va_list ap; +@@ -55,7 +55,7 @@ + } + + /* closelog - dummy */ +- ++void + closelog() + { + /* void */ +--- fix_options.c ++++ fix_options.c +@@ -31,7 +31,7 @@ + #define BUFFER_SIZE 512 /* Was: BUFSIZ */ + + /* fix_options - get rid of IP-level socket options */ +- ++void + fix_options(request) + struct request_info *request; + { +--- options.c ++++ options.c +@@ -541,6 +541,7 @@ + return (t->value); + tcpd_jump("bad syslog facility or severity: \"%s\"", name); + /* NOTREACHED */ ++ return 0; + } + + /* severity_option - change logging severity for this event (Dave Mitchell) */ +--- tcpd.c ++++ tcpd.c +@@ -131,4 +131,5 @@ + syslog(LOG_ERR, "error: cannot execute %s: %m", path); + clean_exit(&request); + /* NOTREACHED */ ++ return 0; + } diff --git a/tcp_wrappers_7.6-optflags.diff b/tcp_wrappers_7.6-optflags.diff new file mode 100644 index 0000000..f84765c --- /dev/null +++ b/tcp_wrappers_7.6-optflags.diff @@ -0,0 +1,36 @@ +--- Makefile ++++ Makefile +@@ -673,7 +673,7 @@ + shared/%.o: %.c + $(CC) $(CFLAGS) $(SHCFLAGS) -c $< -o $@ + +-CFLAGS = -O2 -pipe -DFACILITY=$(FACILITY) $(ACCESS) $(PARANOID) $(NETGROUP) \ ++CFLAGS = $(RPM_OPT_FLAGS) -DFACILITY=$(FACILITY) $(ACCESS) $(PARANOID) $(NETGROUP) \ + $(BUGS) $(SYSTYPE) $(AUTH) $(UMASK) \ + -DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" $(STYLE) $(KILL_OPT) \ + -DSEVERITY=$(SEVERITY) -DRFC931_TIMEOUT=$(RFC931_TIMEOUT) \ +@@ -730,13 +730,13 @@ + ln -s $(notdir $(SHLIBSOMAJ)) $(SHLIBSO) + + tcpd: tcpd.o $(SHLIB) +- $(CC) $(CFLAGS) -o $@ tcpd.o $(SHLIBFLAGS) ++ $(CC) $(CFLAGS) -pie -o $@ tcpd.o $(SHLIBFLAGS) + + miscd: miscd.o $(SHLIB) + $(CC) $(CFLAGS) -o $@ miscd.o $(SHLIBFLAGS) + + safe_finger: safe_finger.o $(SHLIB) +- $(CC) $(CFLAGS) -o $@ safe_finger.o $(SHLIBFLAGS) ++ $(CC) $(CFLAGS) -pie -o $@ safe_finger.o $(SHLIBFLAGS) + + TCPDMATCH_OBJ = tcpdmatch.o fakelog.o inetcf.o scaffold.o + +@@ -744,7 +744,7 @@ + $(CC) $(CFLAGS) -o $@ $(TCPDMATCH_OBJ) $(SHLIBFLAGS) + + try-from: try-from.o fakelog.o $(SHLIB) +- $(CC) $(CFLAGS) -o $@ try-from.o fakelog.o $(SHLIBFLAGS) ++ $(CC) $(CFLAGS) -pie -o $@ try-from.o fakelog.o $(SHLIBFLAGS) + + TCPDCHK_OBJ = tcpdchk.o fakelog.o inetcf.o scaffold.o + diff --git a/tcp_wrappers_7.6-prototypes.diff b/tcp_wrappers_7.6-prototypes.diff new file mode 100644 index 0000000..6f1c69c --- /dev/null +++ b/tcp_wrappers_7.6-prototypes.diff @@ -0,0 +1,91 @@ +--- tcp_wrappers_7.6/inetcf.c.xx 2005-09-16 22:00:05.000000000 +0200 ++++ tcp_wrappers_7.6/inetcf.c 2005-09-16 22:13:38.000000000 +0200 +@@ -88,7 +88,7 @@ + } else { + for (i = 0; inet_files[i] && (fp = fopen(inet_files[i], "r")) == 0; i++) + /* void */ ; +- if (fp == 0) { ++ if (!fp) { + fprintf(stderr, "Cannot find your inetd.conf or tlid.conf file.\n"); + fprintf(stderr, "Please specify its location.\n"); + exit(1); +--- tcp_wrappers_7.6/ip6utils.c.xx 2005-09-16 22:00:35.000000000 +0200 ++++ tcp_wrappers_7.6/ip6utils.c 2005-09-16 22:13:38.000000000 +0200 +@@ -2,6 +2,7 @@ + #include + #include + #include ++#include + #include + + #include "ip6utils.h" +--- tcp_wrappers_7.6/options.c.xx 2005-09-16 22:05:35.000000000 +0200 ++++ tcp_wrappers_7.6/options.c 2005-09-16 22:13:38.000000000 +0200 +@@ -41,6 +41,8 @@ + #include + #include + #include ++#include ++#include + #include + #include + #include +--- tcp_wrappers_7.6/clean_exit.c.xx 2005-09-16 22:09:34.000000000 +0200 ++++ tcp_wrappers_7.6/clean_exit.c 2005-09-16 22:13:38.000000000 +0200 +@@ -13,6 +13,8 @@ + #endif + + #include ++#include ++#include + + extern void exit(); + +--- tcp_wrappers_7.6/shell_cmd.c.xx 2005-09-16 22:06:55.000000000 +0200 ++++ tcp_wrappers_7.6/shell_cmd.c 2005-09-16 22:13:38.000000000 +0200 +@@ -15,9 +15,13 @@ + /* System libraries. */ + + #include ++#include + #include + #include + #include ++#include ++#include ++#include + #include + #include + +--- tcp_wrappers_7.6/percent_x.c.xx 2005-09-16 22:09:19.000000000 +0200 ++++ tcp_wrappers_7.6/percent_x.c 2005-09-16 22:13:38.000000000 +0200 +@@ -18,6 +18,8 @@ + + #include + #include ++#include ++#include + #include + + extern void exit(); +--- tcp_wrappers_7.6/update.c.xx 2005-09-16 22:10:09.000000000 +0200 ++++ tcp_wrappers_7.6/update.c 2005-09-16 22:13:38.000000000 +0200 +@@ -21,6 +21,7 @@ + + #include + #include ++#include + #include + + /* Local stuff. */ +--- tcp_wrappers_7.6/hosts_access.c.xx 2005-09-16 22:12:08.000000000 +0200 ++++ tcp_wrappers_7.6/hosts_access.c 2005-09-16 22:13:38.000000000 +0200 +@@ -31,6 +31,8 @@ + #include + #include + #include ++#include ++#include + #include + #include + #include diff --git a/tcp_wrappers_7.6-shared-lib.diff b/tcp_wrappers_7.6-shared-lib.diff new file mode 100644 index 0000000..4ed2a5e --- /dev/null +++ b/tcp_wrappers_7.6-shared-lib.diff @@ -0,0 +1,163 @@ +--- Makefile ++++ Makefile +@@ -145,9 +145,9 @@ + + linux: + @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ +- LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ= \ ++ LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=weak_symbols.o \ + NETGROUP=-DNETGROUP TLI= \ +- EXTRA_CFLAGS="-fPIC -DSYS_ERRLIST_DEFINED -DINET6=1 -Dss_family=__ss_family" all ++ EXTRA_CFLAGS="-fPIC -DSYS_ERRLIST_DEFINED -DINET6=1 -Dss_family=__ss_family -DHAVE_WEAKSYMS -D_REENTRANT" all + + # This is good for many SYSV+BSD hybrids with NIS, probably also for HP-UX 7.x. + hpux hpux8 hpux9 hpux10: +@@ -660,7 +660,18 @@ + # Protection against weird shells or weird make programs. + + SHELL = /bin/sh +-.c.o:; $(CC) $(CFLAGS) -c $*.c ++.c.o:; $(CC) $(CFLAGS) -o $*.o -c $*.c ++ ++SOMAJOR = 0 ++SOMINOR = 7.6 ++LIB = libwrap.a ++SHLIB = shared/libwrap.so.$(SOMAJOR).$(SOMINOR) ++SHLIBSOMAJ = shared/libwrap.so.$(SOMAJOR) ++SHLIBSO = shared/libwrap.so ++SHLIBFLAGS = -Lshared -lwrap ++ ++shared/%.o: %.c ++ $(CC) $(CFLAGS) $(SHCFLAGS) -c $< -o $@ + + CFLAGS = -O2 -pipe -DFACILITY=$(FACILITY) $(ACCESS) $(PARANOID) $(NETGROUP) \ + $(BUGS) $(SYSTYPE) $(AUTH) $(UMASK) \ +@@ -669,11 +680,16 @@ + $(UCHAR) $(TABLES) $(STRINGS) $(TLI) $(EXTRA_CFLAGS) $(DOT) \ + $(VSYSLOG) + ++SHLINKFLAGS = -shared -Xlinker -soname -Xlinker libwrap.so.$(SOMAJOR) -lc $(LIBS) ++SHCFLAGS = -fPIC -shared -D_REENTRANT ++ + LIB_OBJ= hosts_access.o options.o shell_cmd.o rfc931.o eval.o \ + hosts_ctl.o refuse.o percent_x.o clean_exit.o $(AUX_OBJ) \ + $(FROM_OBJ) fix_options.o socket.o tli.o workarounds.o \ + update.o misc.o diag.o percent_m.o myvsyslog.o ip6utils.o + ++SHLIB_OBJ= $(addprefix shared/, $(LIB_OBJ)); ++ + FROM_OBJ= fromhost.o + + KIT = README miscd.c tcpd.c fromhost.c hosts_access.c shell_cmd.c \ +@@ -688,9 +704,8 @@ + ip6utils.c ip6utils.h \ + scaffold.h tcpdmatch.8 README.NIS + +-LIB = libwrap.a ++all other: config-check tcpd tcpdmatch try-from safe_finger tcpdchk $(LIB) + +-all other: config-check tcpd tcpdmatch try-from safe_finger tcpdchk + + # Invalidate all object files when the compiler options (CFLAGS) have changed. + +@@ -701,33 +716,40 @@ + then rm /tmp/cflags.$$$$ ; \ + else mv /tmp/cflags.$$$$ cflags ; \ + fi >/dev/null 2>/dev/null ++ @if [ ! -d shared ]; then mkdir shared; fi + + $(LIB): $(LIB_OBJ) + rm -f $(LIB) + $(AR) $(ARFLAGS) $(LIB) $(LIB_OBJ) + -$(RANLIB) $(LIB) + +-tcpd: tcpd.o $(LIB) +- $(CC) $(CFLAGS) -o $@ tcpd.o $(LIB) $(LIBS) ++$(SHLIB): $(SHLIB_OBJ) ++ rm -f $(SHLIB) ++ $(CC) -o $(SHLIB) $(SHLINKFLAGS) $(SHLIB_OBJ) ++ ln -s $(notdir $(SHLIB)) $(SHLIBSOMAJ) ++ ln -s $(notdir $(SHLIBSOMAJ)) $(SHLIBSO) ++ ++tcpd: tcpd.o $(SHLIB) ++ $(CC) $(CFLAGS) -o $@ tcpd.o $(SHLIBFLAGS) + +-miscd: miscd.o $(LIB) +- $(CC) $(CFLAGS) -o $@ miscd.o $(LIB) $(LIBS) ++miscd: miscd.o $(SHLIB) ++ $(CC) $(CFLAGS) -o $@ miscd.o $(SHLIBFLAGS) + +-safe_finger: safe_finger.o $(LIB) +- $(CC) $(CFLAGS) -o $@ safe_finger.o $(LIB) $(LIBS) ++safe_finger: safe_finger.o $(SHLIB) ++ $(CC) $(CFLAGS) -o $@ safe_finger.o $(SHLIBFLAGS) + + TCPDMATCH_OBJ = tcpdmatch.o fakelog.o inetcf.o scaffold.o + +-tcpdmatch: $(TCPDMATCH_OBJ) $(LIB) +- $(CC) $(CFLAGS) -o $@ $(TCPDMATCH_OBJ) $(LIB) $(LIBS) ++tcpdmatch: $(TCPDMATCH_OBJ) $(SHLIB) ++ $(CC) $(CFLAGS) -o $@ $(TCPDMATCH_OBJ) $(SHLIBFLAGS) + +-try-from: try-from.o fakelog.o $(LIB) +- $(CC) $(CFLAGS) -o $@ try-from.o fakelog.o $(LIB) $(LIBS) ++try-from: try-from.o fakelog.o $(SHLIB) ++ $(CC) $(CFLAGS) -o $@ try-from.o fakelog.o $(SHLIBFLAGS) + + TCPDCHK_OBJ = tcpdchk.o fakelog.o inetcf.o scaffold.o + +-tcpdchk: $(TCPDCHK_OBJ) $(LIB) +- $(CC) $(CFLAGS) -o $@ $(TCPDCHK_OBJ) $(LIB) $(LIBS) ++tcpdchk: $(TCPDCHK_OBJ) $(SHLIB) ++ $(CC) $(CFLAGS) -o $@ $(TCPDCHK_OBJ) $(SHLIBFLAGS) + + shar: $(KIT) + @shar $(KIT) +@@ -743,7 +765,8 @@ + + clean: + rm -f tcpd miscd safe_finger tcpdmatch tcpdchk try-from *.[oa] core \ +- cflags ++ cflags libwrap*.so* ++ rm -rf shared + + tidy: clean + chmod -R a+r . +@@ -890,5 +913,6 @@ + update.o: mystdarg.h + update.o: tcpd.h + vfprintf.o: cflags ++weak_symbols.o: tcpd.h + workarounds.o: cflags + workarounds.o: tcpd.h +--- tcpd.h ++++ tcpd.h +@@ -106,8 +106,14 @@ + + /* Global variables. */ + ++#ifdef HAVE_WEAKSYMS ++extern int allow_severity __attribute__ ((weak)); /* for connection logging */ ++extern int deny_severity __attribute__ ((weak)); /* for connection logging */ ++#else + extern int allow_severity; /* for connection logging */ + extern int deny_severity; /* for connection logging */ ++#endif ++ + extern char *hosts_allow_table; /* for verification mode redirection */ + extern char *hosts_deny_table; /* for verification mode redirection */ + extern int hosts_access_verbose; /* for verbose matching mode */ +--- weak_symbols.c ++++ weak_symbols.c +@@ -0,0 +1,11 @@ ++/* ++ * @(#) weak_symbols.h 1.5 99/12/29 23:50 ++ * ++ * Author: Anthony Towns ++ */ ++ ++#ifdef HAVE_WEAKSYMS ++#include ++int deny_severity = LOG_WARNING; ++int allow_severity = SEVERITY; ++#endif diff --git a/tcp_wrappers_7.6-uninitialized.diff b/tcp_wrappers_7.6-uninitialized.diff new file mode 100644 index 0000000..c14e833 --- /dev/null +++ b/tcp_wrappers_7.6-uninitialized.diff @@ -0,0 +1,11 @@ +--- inetcf.c ++++ inetcf.c +@@ -61,7 +61,7 @@ + char *conf; + { + char buf[BUFSIZ]; +- FILE *fp; ++ FILE *fp = NULL; + char *service; + char *protocol; + char *user; diff --git a/tcp_wrappers_7.6.dif b/tcp_wrappers_7.6.dif new file mode 100644 index 0000000..c52be2a --- /dev/null +++ b/tcp_wrappers_7.6.dif @@ -0,0 +1,366 @@ +--- Makefile ++++ Makefile +@@ -44,7 +44,7 @@ + #REAL_DAEMON_DIR=/usr/etc + # + # SysV.4 Solaris 2.x OSF AIX +-#REAL_DAEMON_DIR=/usr/sbin ++REAL_DAEMON_DIR=/usr/sbin + # + # BSD 4.4 + #REAL_DAEMON_DIR=/usr/libexec +@@ -143,8 +143,9 @@ + + linux: + @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ +- LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o \ +- NETGROUP= TLI= EXTRA_CFLAGS="-DBROKEN_SO_LINGER" all ++ LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ= \ ++ NETGROUP=-DNETGROUP TLI= \ ++ EXTRA_CFLAGS="-fPIC -DSYS_ERRLIST_DEFINED -DINET6=1 -Dss_family=__ss_family" all + + # This is good for many SYSV+BSD hybrids with NIS, probably also for HP-UX 7.x. + hpux hpux8 hpux9 hpux10: +@@ -229,7 +230,7 @@ + + # Amdahl UTS 2.1.5 (Richard.Richmond@bridge.bst.bls.com) + uts215: +- @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ ++ @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ + LIBS="-lsocket" RANLIB=echo \ + ARFLAGS=rv AUX_OBJ=setenv.o NETGROUP=-DNO_NETGROUP TLI= all + +@@ -472,7 +473,7 @@ + # If your system supports vsyslog(), comment out the following definition. + # If in doubt leave it in, it won't harm. + +-VSYSLOG = -Dvsyslog=myvsyslog ++#VSYSLOG = -Dvsyslog=myvsyslog + + # End of the system dependencies. + ################################# +@@ -491,7 +492,7 @@ + # Uncomment the next definition to turn on the language extensions + # (examples: allow, deny, banners, twist and spawn). + # +-#STYLE = -DPROCESS_OPTIONS # Enable language extensions. ++STYLE = -DPROCESS_OPTIONS # Enable language extensions. + + ################################################################ + # Optional: Changing the default disposition of logfile records +@@ -514,7 +515,7 @@ + # + # The LOG_XXX names below are taken from the /usr/include/syslog.h file. + +-FACILITY= LOG_MAIL # LOG_MAIL is what most sendmail daemons use ++FACILITY= LOG_AUTHPRIV # LOG_MAIL is what most sendmail daemons use + + # The syslog priority at which successful connections are logged. + +@@ -531,7 +532,7 @@ + # and with Solaris < 2.4. APPEND_DOT will not work with hostnames taken + # from /etc/hosts or from NIS maps. It does work with DNS through NIS. + # +-# DOT= -DAPPEND_DOT ++DOT= -DAPPEND_DOT + + ################################################## + # Optional: Always attempt remote username lookups +@@ -610,7 +611,7 @@ + # Paranoid mode implies hostname lookup. In order to disable hostname + # lookups altogether, see the next section. + +-PARANOID= -DPARANOID ++#PARANOID= -DPARANOID + + ######################################## + # Optional: turning off hostname lookups +@@ -649,7 +650,7 @@ + # source-routed traffic in the kernel. Examples: 4.4BSD derivatives, + # Solaris 2.x, and Linux. See your system documentation for details. + # +-# KILL_OPT= -DKILL_IP_OPTIONS ++#KILL_OPT= -DKILL_IP_OPTIONS + + ## End configuration options + ############################ +@@ -659,12 +660,12 @@ + SHELL = /bin/sh + .c.o:; $(CC) $(CFLAGS) -c $*.c + +-CFLAGS = -O -DFACILITY=$(FACILITY) $(ACCESS) $(PARANOID) $(NETGROUP) \ ++CFLAGS = -O2 -pipe -DFACILITY=$(FACILITY) $(ACCESS) $(PARANOID) $(NETGROUP) \ + $(BUGS) $(SYSTYPE) $(AUTH) $(UMASK) \ + -DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" $(STYLE) $(KILL_OPT) \ + -DSEVERITY=$(SEVERITY) -DRFC931_TIMEOUT=$(RFC931_TIMEOUT) \ + $(UCHAR) $(TABLES) $(STRINGS) $(TLI) $(EXTRA_CFLAGS) $(DOT) \ +- $(VSYSLOG) $(HOSTNAME) ++ $(VSYSLOG) + + LIB_OBJ= hosts_access.o options.o shell_cmd.o rfc931.o eval.o \ + hosts_ctl.o refuse.o percent_x.o clean_exit.o $(AUX_OBJ) \ +--- README.ipv6 ++++ README.ipv6 +@@ -0,0 +1,17 @@ ++;; IPv6 patch for tcp_wrappers_7.6 1.6 ++;; Aug 23, 1999 by Hajimu UMEMOTO ++;; ++;; This patch supports IPv4/IPv6 dual stack and IPv4-mapped IPv6 address. ++;; You can replace stock tcpd or libwrap.a with this. ++;; IPv6 address pattern is as a `[net]/prefixlen' pair. ++;; This patch was tested on KAME/FreeBSD, KAME/FreeBSD3, KAME/NetBSD, ++;; RedHat 5.1 with kernel 2.1.126, and RedHat 6.0 with kernel 2.2.10. ++;; ++;; CAUTION: ++;; Back out change for field separater. Now, field separater is `:' ++;; not `|'. To specify IPv6 address, enclose IPv6 address with `[' ++;; and `]'. ++;; ++;; For Linux users: ++;; If your libc doesn't have sockaddr_storage, try target `linux-old'. ++ +--- hosts_access.c ++++ hosts_access.c +@@ -36,6 +36,7 @@ + #include + #include + #include ++#include + + extern char *fgets(); + extern int errno; +@@ -95,6 +96,33 @@ + #define BUFLEN 2048 + + /* hosts_access - host access control facility */ ++ ++int ++yp_get_default_domain (char **outdomain) ++{ ++ static char __ypdomainname[1025] = "\0"; ++ int result = YPERR_SUCCESS;; ++ *outdomain = NULL; ++ ++ if (__ypdomainname[0] == '\0') ++ { ++ if (getdomainname (__ypdomainname, 1024)) ++ result = YPERR_NODOM; ++ else if (strcmp (__ypdomainname, "(none)") == 0) ++ { ++ /* If domainname is not set, some Systems will return "(none)" */ ++ __ypdomainname[0] = '\0'; ++ result = YPERR_NODOM; ++ } ++ else ++ *outdomain = __ypdomainname; ++ } ++ else ++ *outdomain = __ypdomainname; ++ ++ return result; ++} ++ + + int hosts_access(request) + struct request_info *request; +--- safe_finger.c ++++ safe_finger.c +@@ -31,7 +31,7 @@ + + /* Local stuff */ + +-char path[] = "PATH=/bin:/usr/bin:/usr/ucb:/usr/bsd:/etc:/usr/etc:/usr/sbin"; ++char path[] = "PATH=/bin:/usr/bin:/usr/sbin"; + + #define TIME_LIMIT 60 /* Do not keep listinging forever */ + #define INPUT_LENGTH 100000 /* Do not keep listinging forever */ +--- scaffold.c ++++ scaffold.c +@@ -334,10 +334,11 @@ + + /* ARGSUSED */ + +-void rfc931(request) +-struct request_info *request; ++void rfc931(request, dummy1, dummy2) ++struct sockaddr *request, *dummy1; ++char *dummy2; + { +- strcpy(request->user, unknown); ++ strcpy(((struct request_info *)request)->user, unknown); + } + + /* check_path - examine accessibility */ +--- tcpd.h ++++ tcpd.h +@@ -4,6 +4,12 @@ + * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands. + */ + ++#ifdef __STDC__ ++#include ++#include ++#include ++#endif ++ + /* Structure to describe one communications endpoint. */ + + #define STRING_LENGTH 128 /* hosts, users, processes */ +@@ -65,11 +71,26 @@ + /* Global functions. */ + + #if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT) ++#ifdef __STDC__ ++extern void fromhost(struct request_info *); ++#else + extern void fromhost(); /* get/validate client host info */ ++#endif + #else + #define fromhost sock_host /* no TLI support needed */ + #endif + ++#ifdef __STDC__ ++extern int hosts_access(struct request_info *); ++extern void shell_cmd(char *); ++extern char *percent_x(char *, int, char *, struct request_info *); ++extern void rfc931(struct sockaddr *, struct sockaddr *, char *); ++extern void clean_exit(struct request_info *); ++extern void refuse(struct request_info *); ++extern char *xgets(char *, int, FILE *); ++extern char *split_at(char *, int); ++extern unsigned long dot_quad_addr(char *); ++#else + extern int hosts_access(); /* access control */ + extern void shell_cmd(); /* execute shell command */ + extern char *percent_x(); /* do % expansion */ +@@ -79,6 +100,7 @@ + extern char *xgets(); /* fgets() on steroids */ + extern char *split_at(); /* strchr() and split */ + extern unsigned long dot_quad_addr(); /* restricted inet_addr() */ ++#endif + + /* Global variables. */ + +@@ -121,28 +143,47 @@ + * host_info structures serve as caches for the lookup results. + */ + ++#ifdef __STDC__ ++extern char *eval_user(struct request_info *); ++extern char *eval_hostname(struct host_info *); ++extern char *eval_hostaddr(struct host_info *); ++extern char *eval_hostinfo(struct host_info *); ++extern char *eval_client(struct request_info *); ++extern char *eval_server(struct request_info *); ++#else + extern char *eval_user(); /* client user */ + extern char *eval_hostname(); /* printable hostname */ + extern char *eval_hostaddr(); /* printable host address */ + extern char *eval_hostinfo(); /* host name or address */ + extern char *eval_client(); /* whatever is available */ + extern char *eval_server(); /* whatever is available */ ++#endif + #define eval_daemon(r) ((r)->daemon) /* daemon process name */ + #define eval_pid(r) ((r)->pid) /* process id */ + + /* Socket-specific methods, including DNS hostname lookups. */ + ++#ifdef __STDC__ ++extern void sock_host(struct request_info *); ++extern void sock_hostname(struct host_info *); ++extern void sock_hostaddr(struct host_info *); ++#else + extern void sock_host(); /* look up endpoint addresses */ + extern void sock_hostname(); /* translate address to hostname */ + extern void sock_hostaddr(); /* address to printable address */ ++#endif + #define sock_methods(r) \ + { (r)->hostname = sock_hostname; (r)->hostaddr = sock_hostaddr; } + + /* The System V Transport-Level Interface (TLI) interface. */ + + #if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT) ++#ifdef __STDC__ ++extern void tli_host(struct request_info *); ++#else + extern void tli_host(); /* look up endpoint addresses etc. */ + #endif ++#endif + + /* + * Problem reporting interface. Additional file/line context is reported +@@ -182,42 +223,74 @@ + * behavior. + */ + ++#ifdef __STDC__ ++extern void process_options(char *, struct request_info *); ++#else + extern void process_options(); /* execute options */ ++#endif + extern int dry_run; /* verification flag */ + + /* Bug workarounds. */ + + #ifdef INET_ADDR_BUG /* inet_addr() returns struct */ + #define inet_addr fix_inet_addr ++#ifdef __STDC__ ++extern long fix_inet_addr(char *); ++#else + extern long fix_inet_addr(); + #endif ++#endif + + #ifdef BROKEN_FGETS /* partial reads from sockets */ + #define fgets fix_fgets ++#ifdef __STDC__ ++extern char *fix_fgets(char *, int, FILE *); ++#else + extern char *fix_fgets(); + #endif ++#endif + + #ifdef RECVFROM_BUG /* no address family info */ + #define recvfrom fix_recvfrom ++#ifdef __STDC__ ++extern int fix_recvfrom(int, char *, int, int, struct sockaddr *, int *); ++#else + extern int fix_recvfrom(); + #endif ++#endif + + #ifdef GETPEERNAME_BUG /* claims success with UDP */ + #define getpeername fix_getpeername ++#ifdef __STDC__ ++extern int fix_getpeername(int, struct sockaddr *, int *); ++#else + extern int fix_getpeername(); + #endif ++#endif + + #ifdef SOLARIS_24_GETHOSTBYNAME_BUG /* lists addresses as aliases */ + #define gethostbyname fix_gethostbyname ++#ifdef __STDC__ ++extern struct hostent *fix_gethostbyname(char *); ++#else + extern struct hostent *fix_gethostbyname(); + #endif ++#endif + + #ifdef USE_STRSEP /* libc calls strtok() */ + #define strtok fix_strtok ++#ifdef __STDC__ ++extern char *fix_strtok(char *, char *); ++#else + extern char *fix_strtok(); + #endif ++#endif + + #ifdef LIBC_CALLS_STRTOK /* libc calls strtok() */ + #define strtok my_strtok ++#ifdef __STDC__ ++extern char *my_strtok(char *, char *); ++#else + extern char *my_strtok(); ++#endif + #endif diff --git a/tcp_wrappers_7.6.tar.bz2 b/tcp_wrappers_7.6.tar.bz2 new file mode 100644 index 0000000..96602ae --- /dev/null +++ b/tcp_wrappers_7.6.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:77a52687b1919bd4b10a0893becec1935e23a5355e85a786e29fb84a13953a2c +size 78615 diff --git a/tcpd.changes b/tcpd.changes new file mode 100644 index 0000000..5cd7309 --- /dev/null +++ b/tcpd.changes @@ -0,0 +1,129 @@ +------------------------------------------------------------------- +Tue May 30 16:59:21 CEST 2006 - lmichnovic@suse.cz + +- fixed uninitilized filepointer (uninitialized.diff) [#178636] + +------------------------------------------------------------------- +Fri Mar 31 15:57:06 CEST 2006 - lmichnovic@suse.cz + +- fixed missing definition of hosts_ctl() in tcpd.h (hosts_ctl.diff) + [#162303] + +------------------------------------------------------------------- +Wed Jan 25 21:31:01 CET 2006 - mls@suse.de + +- converted neededforbuild to BuildRequires + +------------------------------------------------------------------- +Sun Jan 15 19:13:05 CET 2006 - schwab@suse.de + +- Don't strip binaries. + +------------------------------------------------------------------- +Fri Sep 16 22:16:47 CEST 2005 - meissner@suse.de + +- fixed all implicit warnings. + +------------------------------------------------------------------- +Fri Jun 24 02:34:37 CEST 2005 - ro@suse.de + +- build with fPIE/pie +- really use RPM_OPT_FLAGS +- fix some non-void-return warnings + +------------------------------------------------------------------- +Thu Jan 13 15:17:52 CET 2005 - postadal@suse.cz + +- fixed crashing on system with more than one network interface [#49368] + +------------------------------------------------------------------- +Wed Sep 15 20:56:57 CEST 2004 - aj@suse.de + +- Fix warnings about implicit functions to compile with GCC 4.0. + +------------------------------------------------------------------- +Mon Mar 22 15:36:12 CET 2004 - ro@suse.de + +- installed shared lib to /%_lib, not /usr/%_lib + and add symlinks (fix for part of #36514) + +------------------------------------------------------------------- +Thu Feb 12 16:28:45 CET 2004 - kukuk@suse.de + +- Create subpackage "tcpd-devel" + +------------------------------------------------------------------- +Mon Feb 09 13:05:26 CET 2004 - postadal@suse.cz + +- added support for compiling as shared library with soname of libwrap0 (version 7.6) + +------------------------------------------------------------------- +Sun Jan 11 11:59:00 CET 2004 - adrian@suse.de + +- build as user + +------------------------------------------------------------------- +Fri Oct 31 13:20:28 CET 2003 - postadal@suse.cz + +- fixed invalid warning about "host name mismatch" [#26519, #32772] + +------------------------------------------------------------------- +Wed Sep 10 15:03:34 CEST 2003 - postadal@suse.cz + +- fixed handling patterns ending with period [#27322] + +------------------------------------------------------------------- +Sat Mar 15 17:52:56 CET 2003 - kukuk@suse.de + +- Don't handle IPv4 netmask as Prefix length [#25409] + +------------------------------------------------------------------- +Mon Dec 16 13:18:04 CET 2002 - postadal@suse.cz + +- added ip6utils.h to filelist [#22487] + +------------------------------------------------------------------- +Fri Dec 13 14:07:13 CET 2002 - postadal@suse.cz + +- fixed fix_options function in libwrap.a [#22000] +- included patch ipv6-fix.diff of mludvig@suse.cz to make tcpd work + with IPv4 and mapped IPv4 addresses. [#16162] +- turned off remote username lookups (allways_rfc931) [#22013] + +------------------------------------------------------------------- +Thu Jan 10 08:47:15 CET 2002 - cihlar@suse.cz + +- use %{_libdir} + +------------------------------------------------------------------- +Tue Nov 20 15:35:07 CET 2001 - cihlar@suse.cz + +- fixed SEGFAULT in tcpdchk [#12135] + +------------------------------------------------------------------- +Thu Sep 6 17:55:44 CEST 2001 - schwab@suse.de + +- Compile with -fPIC so that it can be included in a shared library. + +------------------------------------------------------------------- +Wed Sep 5 15:34:35 CEST 2001 - schwab@suse.de + +- Add prototypes for C++. + +------------------------------------------------------------------- +Thu Mar 22 18:51:02 CET 2001 - ro@suse.de + +- added split-aliases as provides + +------------------------------------------------------------------- +Tue Feb 27 07:33:12 CET 2001 - cihlar@suse.cz + +- fixed %files +- clean up spec file +- bzipped sources + +------------------------------------------------------------------- +Tue Apr 11 17:15:20 CEST 2000 - kukuk@suse.de + +- Split from nkitb + diff --git a/tcpd.spec b/tcpd.spec new file mode 100644 index 0000000..ca1edbd --- /dev/null +++ b/tcpd.spec @@ -0,0 +1,183 @@ +# +# spec file for package tcpd (Version 7.6) +# +# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany. +# This file and all modifications and additions to the pristine +# package are under the same license as the package itself. +# +# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# + +# norootforbuild + +Name: tcpd +URL: ftp://ftp.porcupine.org/pub/security/index.html +License: Other License(s), see package +Group: Productivity/Networking/System +Provides: nkitb:/usr/sbin/tcpd +Autoreqprov: on +Version: 7.6 +Release: 731 +Summary: A security wrapper for TCP daemons +Source: tcp_wrappers_%{version}.tar.bz2 +Patch: tcp_wrappers_%{version}.dif +Patch1: tcp_wrappers_%{version}-ipv6-1.6.diff.gz +Patch2: tcp_wrappers_%{version}-ipv6-fix.diff +Patch3: tcp_wrappers_%{version}-ipv6.fix.fix.diff +Patch4: tcp_wrappers_%{version}-ipv6.fix.fix2.diff +Patch5: tcp_wrappers_%{version}-host_name_mapping-fix.diff +Patch6: tcp_wrappers_%{version}-fix_options-fix.diff +Patch7: tcp_wrappers_%{version}-shared-lib.diff +Patch8: tcp_wrappers_%{version}-builtin.diff +Patch9: tcp_wrappers_%{version}-multi_local_interfaces-fix.diff +Patch10: tcp_wrappers_7.6-optflags.diff +Patch11: tcp_wrappers_7.6-nonvoid.diff +Patch12: tcp_wrappers_7.6-prototypes.diff +Patch13: tcp_wrappers_7.6-hosts_ctl.diff +Patch14: tcp_wrappers_7.6-uninitialized.diff +BuildRoot: %{_tmppath}/%{name}-%{version}-build + +%description +This package contains a small daemon program that can monitor and +filter incoming requests for finger, ftp, telnet, rlogin, rsh, exec, +tftp, talk, and other network services. + + + +Authors: +-------- + Wietse Venema + +%package devel +Summary: Include Files and Libraries for the TCP wrapper library +Group: Productivity/Networking/System +Prefix: %{_prefix} +Requires: %{name} = %{version} +Requires: glibc-devel + +%description devel +This package contains the library and header files, which are necessary +to compile and link programs against the TCP wrapper library. + + + +%prep +%setup -n tcp_wrappers_%{version} +%patch1 -p2 +%patch +%patch2 -p1 +%patch3 +%patch4 +%patch5 +%patch6 +%patch7 +%patch8 +%patch9 +%patch10 +%patch11 +%patch12 -p1 +%patch13 +%patch14 + +%build +#RPM_OPT_FLAGS="$RPM_OPT_FLAGS -fPIE -Wformat=2" +make linux + +%install +install -d -m 755 $RPM_BUILD_ROOT/usr/{%{_lib},include,sbin} +install -d -m 755 $RPM_BUILD_ROOT%{_mandir}/man{1,3,5,8} +install -m 755 tcpd tcpdchk tcpdmatch safe_finger try-from $RPM_BUILD_ROOT/usr/sbin/ +install -m 644 tcpd.8 tcpdchk.8 tcpdmatch.8 $RPM_BUILD_ROOT%{_mandir}/man8/ +install -m 644 hosts_access.3 $RPM_BUILD_ROOT%{_mandir}/man3/ +install -m 644 hosts_access.5 hosts_options.5 $RPM_BUILD_ROOT%{_mandir}/man5/ +install -m 644 libwrap.a $RPM_BUILD_ROOT/%{_libdir} +install -m 644 tcpd.h $RPM_BUILD_ROOT/usr/include/ +install -m 644 ip6utils.h $RPM_BUILD_ROOT/usr/include/ +install -d -m 755 $RPM_BUILD_ROOT/%{_lib} +install -m 644 shared/libwrap.so.0.%{version} $RPM_BUILD_ROOT/%{_lib} +cd $RPM_BUILD_ROOT/%{_lib} +ln -sf libwrap.so.0.%{version} libwrap.so.0 +cd $RPM_BUILD_ROOT/%{_libdir} +ln -sf /%{_lib}/libwrap.so.0.%{version} libwrap.so + +%clean +[ -d %{buildroot} -a "%{buildroot}" != "" ] && rm -rf %{buildroot} + +%post +%run_ldconfig + +%postun +%run_ldconfig + +%files +%defattr(644,root,root,755) +%doc BLURB CHANGES DISCLAIMER README README.ipv6 README.NIS +%attr(755,root,root) /%{_lib}/libwrap.so.* +%doc %{_mandir}/man?/* +%attr(755,root,root) /usr/sbin/* + +%files devel +%defattr(644,root,root,755) +/usr/include/tcpd.h +/usr/include/ip6utils.h +%{_libdir}/libwrap.a +%{_libdir}/libwrap.so + +%changelog -n tcpd +* Tue May 30 2006 - lmichnovic@suse.cz +- fixed uninitilized filepointer (uninitialized.diff) [#178636] +* Fri Mar 31 2006 - lmichnovic@suse.cz +- fixed missing definition of hosts_ctl() in tcpd.h (hosts_ctl.diff) + [#162303] +* Wed Jan 25 2006 - mls@suse.de +- converted neededforbuild to BuildRequires +* Sun Jan 15 2006 - schwab@suse.de +- Don't strip binaries. +* Fri Sep 16 2005 - meissner@suse.de +- fixed all implicit warnings. +* Fri Jun 24 2005 - ro@suse.de +- build with fPIE/pie +- really use RPM_OPT_FLAGS +- fix some non-void-return warnings +* Thu Jan 13 2005 - postadal@suse.cz +- fixed crashing on system with more than one network interface [#49368] +* Wed Sep 15 2004 - aj@suse.de +- Fix warnings about implicit functions to compile with GCC 4.0. +* Mon Mar 22 2004 - ro@suse.de +- installed shared lib to /%%_lib, not /usr/%%_lib + and add symlinks (fix for part of #36514) +* Thu Feb 12 2004 - kukuk@suse.de +- Create subpackage "tcpd-devel" +* Mon Feb 09 2004 - postadal@suse.cz +- added support for compiling as shared library with soname of libwrap0 (version 7.6) +* Sun Jan 11 2004 - adrian@suse.de +- build as user +* Fri Oct 31 2003 - postadal@suse.cz +- fixed invalid warning about "host name mismatch" [#26519, #32772] +* Wed Sep 10 2003 - postadal@suse.cz +- fixed handling patterns ending with period [#27322] +* Sat Mar 15 2003 - kukuk@suse.de +- Don't handle IPv4 netmask as Prefix length [#25409] +* Mon Dec 16 2002 - postadal@suse.cz +- added ip6utils.h to filelist [#22487] +* Fri Dec 13 2002 - postadal@suse.cz +- fixed fix_options function in libwrap.a [#22000] +- included patch ipv6-fix.diff of mludvig@suse.cz to make tcpd work + with IPv4 and mapped IPv4 addresses. [#16162] +- turned off remote username lookups (allways_rfc931) [#22013] +* Thu Jan 10 2002 - cihlar@suse.cz +- use %%{_libdir} +* Tue Nov 20 2001 - cihlar@suse.cz +- fixed SEGFAULT in tcpdchk [#12135] +* Thu Sep 06 2001 - schwab@suse.de +- Compile with -fPIC so that it can be included in a shared library. +* Wed Sep 05 2001 - schwab@suse.de +- Add prototypes for C++. +* Thu Mar 22 2001 - ro@suse.de +- added split-aliases as provides +* Tue Feb 27 2001 - cihlar@suse.cz +- fixed %%files +- clean up spec file +- bzipped sources +* Tue Apr 11 2000 - kukuk@suse.de +- Split from nkitb