diff --git a/tcp_wrappers_7.6-gcc15.patch b/tcp_wrappers_7.6-gcc15.patch new file mode 100644 index 0000000..9625e67 --- /dev/null +++ b/tcp_wrappers_7.6-gcc15.patch @@ -0,0 +1,1425 @@ + +originating from salsa.debian.org/md/tcp-wrappers/-/commit/9268d2f +and adapted to opensuse's source tree + + +--- a/clean_exit.c 2025-04-13 17:35:09.184623622 +0200 ++++ b/clean_exit.c 2025-04-13 19:06:17.345950290 +0200 +@@ -16,14 +16,11 @@ + #include + #include + +-extern void exit(); +- + #include "tcpd.h" + + /* clean_exit - clean up and exit */ + +-void clean_exit(request) +-struct request_info *request; ++void clean_exit(struct request_info *request) + { + + /* +--- a/diag.c 1994-12-28 17:42:20.000000000 +0100 ++++ b/diag.c 2025-04-13 19:48:45.961482260 +0200 +@@ -29,11 +29,7 @@ + + /* tcpd_diag - centralize error reporter */ + +-static void tcpd_diag(severity, tag, format, ap) +-int severity; +-char *tag; +-char *format; +-va_list ap; ++static void tcpd_diag(int severity, char *tag, char *format, va_list ap) + { + char fmt[BUFSIZ]; + +--- a/eval.c 2025-04-13 17:35:09.191195262 +0200 ++++ b/eval.c 2025-04-13 18:19:17.056626207 +0200 +@@ -42,8 +42,7 @@ + + /* eval_user - look up user name */ + +-char *eval_user(request) +-struct request_info *request; ++char *eval_user(struct request_info *request) + { + if (request->user[0] == 0) { + strcpy(request->user, unknown); +@@ -55,8 +54,7 @@ + + /* eval_hostaddr - look up printable address */ + +-char *eval_hostaddr(host) +-struct host_info *host; ++char *eval_hostaddr(struct host_info *host) + { + if (host->addr[0] == 0) { + strcpy(host->addr, unknown); +@@ -68,8 +66,7 @@ + + /* eval_hostname - look up host name */ + +-char *eval_hostname(host) +-struct host_info *host; ++char *eval_hostname(struct host_info *host) + { + if (host->name[0] == 0) { + strcpy(host->name, unknown); +@@ -81,8 +78,7 @@ + + /* eval_hostinfo - return string with host name (preferred) or address */ + +-char *eval_hostinfo(host) +-struct host_info *host; ++char *eval_hostinfo(struct host_info *host) + { + char *hostname; + +@@ -100,8 +96,7 @@ + + /* eval_client - return string with as much about the client as we know */ + +-char *eval_client(request) +-struct request_info *request; ++char *eval_client(struct request_info *request) + { + static char both[2 * STRING_LENGTH]; + char *hostinfo = eval_hostinfo(request->client); +@@ -120,8 +115,7 @@ + + /* eval_server - return string with as much about the server as we know */ + +-char *eval_server(request) +-struct request_info *request; ++char *eval_server(struct request_info *request) + { + static char both[2 * STRING_LENGTH]; + char *host = eval_hostinfo(request->server); +--- a/fakelog.c 2025-04-13 17:35:09.182679931 +0200 ++++ b/fakelog.c 2025-04-13 19:27:08.589294864 +0200 +@@ -17,20 +17,14 @@ + + /* ARGSUSED */ + void +-openlog(name, logopt, facility) +-char *name; +-int logopt; +-int facility; ++openlog(char *name, int logopt, int facility) + { + /* void */ + } + + /* vsyslog - format one record */ + void +-vsyslog(severity, fmt, ap) +-int severity; +-char *fmt; +-va_list ap; ++vsyslog(int severity, char *fmt, va_list ap) + { + char buf[BUFSIZ]; + +--- a/fix_options.c 2025-04-13 17:35:09.183983107 +0200 ++++ b/fix_options.c 2025-04-13 19:23:33.614502268 +0200 +@@ -32,8 +32,7 @@ + + /* fix_options - get rid of IP-level socket options */ + void +-fix_options(request) +-struct request_info *request; ++fix_options(struct request_info *request) + { + #ifdef IP_OPTIONS + unsigned char optbuf[BUFFER_SIZE / 3], *cp; +--- a/hosts_access.c 2025-04-13 17:35:09.218638221 +0200 ++++ b/hosts_access.c 2025-04-13 18:07:35.996555128 +0200 +@@ -40,9 +40,6 @@ + #include + #include + +-extern char *fgets(); +-extern int errno; +- + #ifndef INADDR_NONE + #define INADDR_NONE (-1) /* XXX should be 0xffffffff */ + #endif +@@ -82,16 +79,16 @@ + + /* Forward declarations. */ + +-static int table_match(); +-static int list_match(); +-static int server_match(); +-static int client_match(); +-static int host_match(); +-static int string_match(); +-static int masked_match(); +-static int match_pattern_ylo(); ++static int table_match(char *, struct request_info *); ++static int list_match(char *, struct request_info *, int (*) (char *, struct request_info *)); ++static int server_match(char *, struct request_info *); ++static int client_match(char *, struct request_info *); ++static int host_match(char *, struct host_info *); ++static int string_match(char *, char *); ++static int masked_match(char *, char *, char *); ++static int match_pattern_ylo(const char *, const char *); + #ifdef INET6 +-static void ipv6_mask(); ++static void ipv6_mask(struct in6_addr *, int); + #endif + + /* Size of logical line buffer. */ +@@ -127,8 +124,7 @@ + } + + +-int hosts_access(request) +-struct request_info *request; ++int hosts_access(struct request_info *request) + { + int verdict; + /* +@@ -160,9 +156,7 @@ + + /* table_match - match table entries with (daemon, client) pair */ + +-static int table_match(table, request) +-char *table; +-struct request_info *request; ++static int table_match(char *table, struct request_info *request) + { + FILE *fp; + char sv_list[BUFLEN]; /* becomes list of daemons */ +@@ -220,10 +214,7 @@ + + /* list_match - match a request against a list of patterns with exceptions */ + +-static int list_match(list, request, match_fn) +-char *list; +-struct request_info *request; +-int (*match_fn) (); ++static int list_match(char *list, struct request_info *request, int (*match_fn) (char *, struct request_info *)) + { + char *tok; + +@@ -248,9 +239,7 @@ + + /* server_match - match server information */ + +-static int server_match(tok, request) +-char *tok; +-struct request_info *request; ++static int server_match(char *tok, struct request_info *request) + { + char *host; + +@@ -264,9 +253,7 @@ + + /* client_match - match client information */ + +-static int client_match(tok, request) +-char *tok; +-struct request_info *request; ++static int client_match(char *tok, struct request_info *request) + { + char *host; + +@@ -280,9 +267,7 @@ + + /* hostfile_match - look up host patterns from file */ + +-static int hostfile_match(path, host) +-char *path; +-struct hosts_info *host; ++static int hostfile_match(char *path, struct host_info *host) + { + char tok[BUFSIZ]; + int match = NO; +@@ -368,9 +353,7 @@ + + /* host_match - match host name and/or address against pattern */ + +-static int host_match(tok, host) +-char *tok; +-struct host_info *host; ++static int host_match(char *tok, struct host_info *host) + { + char *mask; + +@@ -433,10 +416,7 @@ + } + } + +-static int masked_match(net_tok, mask_tok, string) +-char *net_tok; +-char *mask_tok; +-char *string; ++static int masked_match(char *net_tok, char *mask_tok, char *string) + { + unsigned long net; + unsigned long mask; +@@ -469,9 +449,7 @@ + * string = textual data of actual client + */ + +-static int string_match(tok, string) +-char *tok; +-char *string; ++static int string_match(char *tok, char *string) + { + int n; + +@@ -572,9 +550,7 @@ + * This function can be made generic by specifying an address length as + * extra parameter. (So Wietse can implement 1.2.3.4/16) + */ +-static void ipv6_mask(in6p, maskbits) +-struct in6_addr *in6p; +-int maskbits; ++static void ipv6_mask(struct in6_addr *in6p, int maskbits) + { + unsigned char *p = (unsigned char*) in6p; + +--- a/hosts_ctl.c 2025-04-13 17:35:09.203047040 +0200 ++++ b/hosts_ctl.c 2025-04-13 19:38:33.106524209 +0200 +@@ -21,11 +21,7 @@ + + /* hosts_ctl - limited interface to the hosts_access() routine */ + +-int hosts_ctl(daemon, name, addr, user) +-char *daemon; +-char *name; +-char *addr; +-char *user; ++int hosts_ctl(char *daemon, char *name, char *addr, char *user) + { + struct request_info request; + +--- a/inetcf.c 2025-04-13 17:35:09.219725097 +0200 ++++ b/inetcf.c 2025-04-13 19:22:21.786131813 +0200 +@@ -16,12 +16,10 @@ + #include + #include + +-extern int errno; +-extern void exit(); +- + #include "tcpd.h" + #include "inetcf.h" + #include "scaffold.h" ++#include "mystdarg.h" + + /* + * Network configuration files may live in unusual places. Here are some +@@ -41,8 +39,8 @@ + 0, + }; + +-static void inet_chk(); +-static char *base_name(); ++static void inet_chk(char *, char *, char *, char *); ++static char *base_name(char *); + + /* + * Structure with everything we know about a service. +@@ -59,8 +57,7 @@ + + /* inet_conf - read in and examine inetd.conf (or tlid.conf) entries */ + +-char *inet_cfg(conf) +-char *conf; ++char *inet_cfg(char *conf) + { + char buf[BUFSIZ]; + FILE *fp = NULL; +@@ -71,7 +68,6 @@ + char *arg0; + char *arg1; + struct tcpd_context saved_context; +- char *percent_m(); + int i; + struct stat st; + +@@ -164,11 +160,7 @@ + + /* inet_chk - examine one inetd.conf (tlid.conf?) entry */ + +-static void inet_chk(protocol, path, arg0, arg1) +-char *protocol; +-char *path; +-char *arg0; +-char *arg1; ++static void inet_chk(char *protocol, char *path, char *arg0, char *arg1) + { + char daemon[BUFSIZ]; + struct stat st; +@@ -275,9 +267,7 @@ + + /* inet_set - remember service status */ + +-void inet_set(name, type) +-char *name; +-int type; ++void inet_set(const char *name, int type) + { + struct inet_ent *ip = + (struct inet_ent *) malloc(sizeof(struct inet_ent) + strlen(name)); +@@ -294,8 +284,7 @@ + + /* inet_get - look up service status */ + +-int inet_get(name) +-char *name; ++int inet_get(const char *name) + { + struct inet_ent *ip; + +@@ -311,8 +300,7 @@ + + /* base_name - compute last pathname component */ + +-static char *base_name(path) +-char *path; ++static char *base_name(char *path) + { + char *cp; + +--- a/inetcf.h 1994-12-28 17:42:30.000000000 +0100 ++++ b/inetcf.h 2025-04-13 19:21:21.433769811 +0200 +@@ -4,9 +4,9 @@ + * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands. + */ + +-extern char *inet_cfg(); /* read inetd.conf file */ +-extern void inet_set(); /* remember internet service */ +-extern int inet_get(); /* look up internet service */ ++extern char *inet_cfg(char *); /* read inetd.conf file */ ++extern void inet_set(const char *, int); /* remember internet service */ ++extern int inet_get(const char *); /* look up internet service */ + + #define WR_UNKNOWN (-1) /* service unknown */ + #define WR_NOT 1 /* may not be wrapped */ +--- a/misc.c 2025-04-13 17:35:09.220058683 +0200 ++++ b/misc.c 2025-04-13 18:51:53.024644410 +0200 +@@ -19,18 +19,13 @@ + + #include "tcpd.h" + +-extern char *fgets(); +- + #ifndef INADDR_NONE + #define INADDR_NONE (-1) /* XXX should be 0xffffffff */ + #endif + + /* xgets - fgets() with backslash-newline stripping */ + +-char *xgets(ptr, len, fp) +-char *ptr; +-int len; +-FILE *fp; ++char *xgets(char *ptr, int len, FILE *fp) + { + int got; + char *start = ptr; +@@ -54,9 +49,7 @@ + + /* split_at - break string at delimiter or return NULL */ + +-char *split_at(string, delimiter) +-char *string; +-int delimiter; ++char *split_at(char *string, int delimiter) + { + char *cp; + +@@ -89,8 +82,7 @@ + + /* dot_quad_addr - convert dotted quad to internal form */ + +-unsigned long dot_quad_addr(str) +-char *str; ++unsigned long dot_quad_addr(char *str) + { + int in_run = 0; + int runs = 0; +@@ -112,8 +104,7 @@ + + /* prefix_to_netmask - convert prefix (0-32) to netmask */ + +-unsigned long prefix_to_netmask(str) +-char *str; ++unsigned long prefix_to_netmask(char *str) + { + unsigned long prefix; + char *endptr; +--- a/mystdarg.h 1994-12-28 17:42:33.000000000 +0100 ++++ b/mystdarg.h 2025-04-13 18:53:54.638794157 +0200 +@@ -16,4 +16,4 @@ + #define VAEND(ap) va_end(ap);} + #endif + +-extern char *percent_m(); ++extern char *percent_m(char *, char *); +--- a/options.c 2025-04-13 17:35:09.210452361 +0200 ++++ b/options.c 2025-04-13 18:14:16.622120064 +0200 +@@ -68,31 +68,31 @@ + static char whitespace_eq[] = "= \t\r\n"; + #define whitespace (whitespace_eq + 1) + +-static char *get_field(); /* chew :-delimited field off string */ +-static char *chop_string(); /* strip leading and trailing blanks */ ++static char *get_field(char *); /* chew :-delimited field off string */ ++static char *chop_string(register char *); /* strip leading and trailing blanks */ + + /* List of functions that implement the options. Add yours here. */ + +-static void user_option(); /* execute "user name.group" option */ +-static void group_option(); /* execute "group name" option */ +-static void umask_option(); /* execute "umask mask" option */ +-static void linger_option(); /* execute "linger time" option */ +-static void keepalive_option(); /* execute "keepalive" option */ +-static void spawn_option(); /* execute "spawn command" option */ +-static void twist_option(); /* execute "twist command" option */ +-static void rfc931_option(); /* execute "rfc931" option */ +-static void setenv_option(); /* execute "setenv name value" */ +-static void nice_option(); /* execute "nice" option */ +-static void severity_option(); /* execute "severity value" */ +-static void allow_option(); /* execute "allow" option */ +-static void deny_option(); /* execute "deny" option */ +-static void banners_option(); /* execute "banners path" option */ ++static void user_option(char *, struct request_info *); /* execute "user name.group" option */ ++static void group_option(char *, struct request_info *); /* execute "group name" option */ ++static void umask_option(char *, struct request_info *); /* execute "umask mask" option */ ++static void linger_option(char *, struct request_info *); /* execute "linger time" option */ ++static void keepalive_option(char *, struct request_info *); /* execute "keepalive" option */ ++static void spawn_option(char *, struct request_info *); /* execute "spawn command" option */ ++static void twist_option(char *, struct request_info *); /* execute "twist command" option */ ++static void rfc931_option(char *, struct request_info *); /* execute "rfc931" option */ ++static void setenv_option(char *, struct request_info *); /* execute "setenv name value" */ ++static void nice_option(char *, struct request_info *); /* execute "nice" option */ ++static void severity_option(char *, struct request_info *); /* execute "severity value" */ ++static void allow_option(char *, struct request_info *); /* execute "allow" option */ ++static void deny_option(char *, struct request_info *); /* execute "deny" option */ ++static void banners_option(char *, struct request_info *); /* execute "banners path" option */ + + /* Structure of the options table. */ + + struct option { + char *name; /* keyword name, case is ignored */ +- void (*func) (); /* function that does the real work */ ++ void (*func) (char *, struct request_info *); /* function that does the real work */ + int flags; /* see below... */ + }; + +@@ -129,9 +129,7 @@ + + /* process_options - process access control options */ + +-void process_options(options, request) +-char *options; +-struct request_info *request; ++void process_options(char *options, struct request_info *request) + { + char *key; + char *value; +@@ -195,9 +193,7 @@ + + /* ARGSUSED */ + +-static void allow_option(value, request) +-char *value; +-struct request_info *request; ++static void allow_option(char *value, struct request_info *request) + { + longjmp(tcpd_buf, AC_PERMIT); + } +@@ -206,18 +202,14 @@ + + /* ARGSUSED */ + +-static void deny_option(value, request) +-char *value; +-struct request_info *request; ++static void deny_option(char *value, struct request_info *request) + { + longjmp(tcpd_buf, AC_DENY); + } + + /* banners_option - expand %, terminate each line with CRLF */ + +-static void banners_option(value, request) +-char *value; +-struct request_info *request; ++static void banners_option(char *value, struct request_info *request) + { + char path[MAXPATHNAMELEN]; + char ibuf[BUFSIZ]; +@@ -247,12 +239,9 @@ + + /* ARGSUSED */ + +-static void group_option(value, request) +-char *value; +-struct request_info *request; ++static void group_option(char *value, struct request_info *request) + { + struct group *grp; +- struct group *getgrnam(); + + if ((grp = getgrnam(value)) == 0) + tcpd_jump("unknown group: \"%s\"", value); +@@ -266,12 +255,9 @@ + + /* ARGSUSED */ + +-static void user_option(value, request) +-char *value; +-struct request_info *request; ++static void user_option(char *value, struct request_info *request) + { + struct passwd *pwd; +- struct passwd *getpwnam(); + char *group; + + if ((group = split_at(value, '.')) != 0) +@@ -288,9 +274,7 @@ + + /* ARGSUSED */ + +-static void umask_option(value, request) +-char *value; +-struct request_info *request; ++static void umask_option(char *value, struct request_info *request) + { + unsigned mask; + char junk; +@@ -304,9 +288,7 @@ + + /* ARGSUSED */ + +-static void spawn_option(value, request) +-char *value; +-struct request_info *request; ++static void spawn_option(char *value, struct request_info *request) + { + if (dry_run == 0) + shell_cmd(value); +@@ -316,9 +298,7 @@ + + /* ARGSUSED */ + +-static void linger_option(value, request) +-char *value; +-struct request_info *request; ++static void linger_option(char *value, struct request_info *request) + { + struct linger linger; + char junk; +@@ -338,9 +318,7 @@ + + /* ARGSUSED */ + +-static void keepalive_option(value, request) +-char *value; +-struct request_info *request; ++static void keepalive_option(char *value, struct request_info *request) + { + static int on = 1; + +@@ -353,9 +331,7 @@ + + /* ARGSUSED */ + +-static void nice_option(value, request) +-char *value; +-struct request_info *request; ++static void nice_option(char *value, struct request_info *request) + { + int niceval = 10; + char junk; +@@ -368,9 +344,7 @@ + + /* twist_option - replace process by shell command */ + +-static void twist_option(value, request) +-char *value; +-struct request_info *request; ++static void twist_option(char *value, struct request_info *request) + { + char *error; + +@@ -406,9 +380,7 @@ + + /* rfc931_option - look up remote user name */ + +-static void rfc931_option(value, request) +-char *value; +-struct request_info *request; ++static void rfc931_option(char *value, struct request_info *request) + { + int timeout; + char junk; +@@ -425,9 +397,7 @@ + + /* ARGSUSED */ + +-static void setenv_option(value, request) +-char *value; +-struct request_info *request; ++static void setenv_option(char *value, struct request_info *request) + { + char *var_value; + +@@ -532,9 +502,7 @@ + + /* severity_map - lookup facility or severity value */ + +-static int severity_map(table, name) +-struct syslog_names *table; +-char *name; ++static int severity_map(struct syslog_names *table, char *name) + { + struct syslog_names *t; + +@@ -550,9 +518,7 @@ + + /* ARGSUSED */ + +-static void severity_option(value, request) +-char *value; +-struct request_info *request; ++static void severity_option(char *value, struct request_info *request) + { + char *level = split_at(value, '.'); + +@@ -563,8 +529,7 @@ + + /* get_field - return pointer to next field in string */ + +-static char *get_field(string) +-char *string; ++static char *get_field(char *string) + { + static char *last = ""; + char *src; +@@ -606,8 +571,7 @@ + + /* chop_string - strip leading and trailing blanks from string */ + +-static char *chop_string(string) +-register char *string; ++static char *chop_string(register char *string) + { + char *start = 0; + char *end; +--- a/percent_m.c 2025-04-13 17:35:09.200173153 +0200 ++++ b/percent_m.c 2025-04-13 18:58:24.613902796 +0200 +@@ -12,7 +12,6 @@ + #include + #include + +-extern int errno; + #if !defined(SYS_ERRLIST_DEFINED) && !defined(HAVE_STRERROR) + extern char *sys_errlist[]; + extern int sys_nerr; +@@ -20,9 +19,7 @@ + + #include "mystdarg.h" + +-char *percent_m(obuf, ibuf) +-char *obuf; +-char *ibuf; ++char *percent_m(char *obuf, char *ibuf) + { + char *bp = obuf; + char *cp = ibuf; +--- a/percent_x.c 2025-04-13 17:35:09.186727574 +0200 ++++ b/percent_x.c 2025-04-13 19:00:17.768027613 +0200 +@@ -17,24 +17,19 @@ + /* System libraries. */ + + #include ++#include + #include + #include + #include + #include + +-extern void exit(); +- + /* Local stuff. */ + + #include "tcpd.h" + + /* percent_x - do % expansion, abort if result buffer is too small */ + +-char *percent_x(result, result_len, string, request) +-char *result; +-int result_len; +-char *string; +-struct request_info *request; ++char *percent_x(char *result, int result_len, char *string, struct request_info *request) + { + char *bp = result; + char *end = result + result_len - 1; /* end of result buffer */ +--- a/refuse.c 2025-04-13 17:35:09.166132201 +0200 ++++ b/refuse.c 2025-04-13 19:38:49.077128754 +0200 +@@ -22,8 +22,7 @@ + + /* refuse - refuse request */ + +-void refuse(request) +-struct request_info *request; ++void refuse(struct request_info *request) + { + #ifdef INET6 + syslog(deny_severity, "refused connect from %s (%s)", +--- a/rfc931.c 2025-04-13 17:35:09.212257350 +0200 ++++ b/rfc931.c 2025-04-13 19:41:49.220940689 +0200 +@@ -37,10 +37,7 @@ + + /* fsocket - open stdio stream on top of socket */ + +-static FILE *fsocket(domain, type, protocol) +-int domain; +-int type; +-int protocol; ++static FILE *fsocket(int domain, int type, int protocol) + { + int s; + FILE *fp; +@@ -59,8 +56,7 @@ + + /* timeout - handle timeouts */ + +-static void timeout(sig) +-int sig; ++static void timeout(int sig) + { + siglongjmp(timebuf, sig); + } +@@ -118,10 +114,7 @@ + + /* rfc931 - return remote user name, given socket structures */ + +-void rfc931(rmt_sin, our_sin, dest) +-struct sockaddr_storage *rmt_sin; +-struct sockaddr_storage *our_sin; +-char *dest; ++void rfc931(struct sockaddr_storage *rmt_sin, struct sockaddr_storage *our_sin, char *dest) + { + unsigned rmt_port; + unsigned our_port; +--- a/safe_finger.c 2025-04-13 17:35:09.220235784 +0200 ++++ b/safe_finger.c 2025-04-13 19:49:41.939871660 +0200 +@@ -30,8 +30,6 @@ + #include + #include + +-extern void exit(); +- + /* Local stuff */ + + char path[] = "PATH=/bin:/usr/bin:/usr/sbin"; +@@ -45,18 +43,15 @@ + + int finger_pid; + +-void cleanup(sig) +-int sig; ++void cleanup(int sig) + { + kill(finger_pid, SIGKILL); + exit(0); + } + +-static int pipe_stdin(); ++static int pipe_stdin(char **); + +-int main(argc, argv) +-int argc; +-char **argv; ++int main(int argc, char **argv) + { + int c; + int line_length = 0; +@@ -140,8 +135,7 @@ + + /* perror_exit - report system error text and terminate */ + +-void perror_exit(text) +-char *text; ++void perror_exit(char *text) + { + perror(text); + exit(1); +@@ -149,8 +143,7 @@ + + /* pipe_stdin - pipe stdin through program (from my ANSI to OLD C converter) */ + +-int pipe_stdin(argv) +-char **argv; ++int pipe_stdin(char **argv) + { + int pipefds[2]; + int pid; +--- a/scaffold.c 2025-04-13 17:35:09.218121044 +0200 ++++ b/scaffold.c 2025-04-13 19:36:15.386989965 +0200 +@@ -45,8 +45,7 @@ + + /* dup_hostent - create hostent in one memory block */ + +-static struct hostent *dup_hostent(hp) +-struct hostent *hp; ++static struct hostent *dup_hostent(struct hostent *hp) + { + struct hostent_block { + struct hostent host; +@@ -89,8 +88,7 @@ + #if defined(INET6) && !defined(USE_GETIPNODEBY) + /* merge_hostent - merge hostent in one memory block */ + +-static struct hostent *merge_hostent(hp1, hp2) +-struct hostent *hp1, *hp2; ++static struct hostent *merge_hostent(struct hostent *hp1, struct hostent *hp2) + { + struct hostent_block { + struct hostent host; +@@ -135,8 +133,7 @@ + } + #endif + +-static struct hostent *gethostbyname64(host) +-char *host; ++static struct hostent *gethostbyname64(char *host) + { + struct hostent *hp, *hp2; + #ifdef USE_GETIPNODEBY +@@ -181,8 +178,7 @@ + + /* find_inet_addr - find all addresses for this host, result to free() */ + +-struct hostent *find_inet_addr(host) +-char *host; ++struct hostent *find_inet_addr(char *host) + { + struct in_addr addr; + struct hostent *hp; +@@ -249,8 +245,7 @@ + + /* check_dns - give each address thorough workout, return address count */ + +-int check_dns(host) +-char *host; ++int check_dns(char *host) + { + struct request_info request; + #ifdef INET6 +@@ -313,8 +308,7 @@ + + /* ARGSUSED */ + +-void shell_cmd(command) +-char *command; ++void shell_cmd(char *command) + { + if (hosts_access_verbose) + printf("command: %s", command); +@@ -324,8 +318,7 @@ + + /* ARGSUSED */ + +-void clean_exit(request) +-struct request_info *request; ++void clean_exit(struct request_info *request) + { + exit(0); + } +@@ -334,19 +327,14 @@ + + /* ARGSUSED */ + +-void rfc931(rmt_sin, our_sin, dest) +-struct sockaddr_storage *rmt_sin; +-struct sockaddr_storage *our_sin; +-char *dest; ++void rfc931(struct sockaddr_storage *rmt_sin, struct sockaddr_storage *our_sin, char *dest) + { + strcpy(dest, unknown); + } + + /* check_path - examine accessibility */ + +-int check_path(path, st) +-char *path; +-struct stat *st; ++int check_path(char *path, struct stat *st) + { + struct stat stbuf; + char buf[BUFSIZ]; +--- a/scaffold.h 1994-12-31 18:19:20.000000000 +0100 ++++ b/scaffold.h 2025-04-13 19:19:46.118896178 +0200 +@@ -4,6 +4,6 @@ + * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands. + */ + +-extern struct hostent *find_inet_addr(); +-extern int check_dns(); +-extern int check_path(); ++extern struct hostent *find_inet_addr(char *); ++extern int check_dns(char *); ++extern int check_path(char *, struct stat *); +--- a/shell_cmd.c 2025-04-13 17:35:09.196285771 +0200 ++++ b/shell_cmd.c 2025-04-13 18:17:03.725193195 +0200 +@@ -30,15 +30,13 @@ + #include + #include + +-extern void exit(); +- + /* Local stuff. */ + + #include "tcpd.h" + + /* Forward declarations. */ + +-static void do_child(); ++static void do_child(char *); + + /* + * The sigchld handler. If there is a SIGCHLD caused by a child other than +@@ -54,8 +52,7 @@ + + /* shell_cmd - execute shell command */ + +-void shell_cmd(command) +-char *command; ++void shell_cmd(char *command) + { + int child_pid; + +@@ -111,8 +108,7 @@ + + /* do_child - exec command with { stdin, stdout, stderr } to /dev/null */ + +-static void do_child(command) +-char *command; ++static void do_child(char *command) + { + char *error; + int tmp_fd; +--- a/socket.c 2025-04-13 17:35:09.220371391 +0200 ++++ b/socket.c 2025-04-13 19:12:14.116912677 +0200 +@@ -32,15 +32,13 @@ + #include + #include + +-extern char *inet_ntoa(); +- + /* Local stuff. */ + + #include "tcpd.h" + + /* Forward declarations. */ + +-static void sock_sink(); ++static void sock_sink(int); + + #ifdef APPEND_DOT + +@@ -50,8 +48,7 @@ + * that lack DNS-style trailing dot magic, such as local files or NIS maps. + */ + +-static struct hostent *gethostbyname_dot(name) +-char *name; ++static struct hostent *gethostbyname_dot(char *name) + { + char dot_name[MAXHOSTNAMELEN + 1]; + struct hostent *hp; +@@ -78,8 +75,7 @@ + + /* sock_host - look up endpoint addresses and install conversion methods */ + +-void sock_host(request) +-struct request_info *request; ++void sock_host(struct request_info *request) + { + #ifdef INET6 + static struct sockaddr_storage client; +@@ -136,8 +132,7 @@ + + /* sock_hostnofd - look up endpoint addresses and install conversion methods */ + +-void sock_hostnofd(request) +-struct request_info *request; ++void sock_hostnofd(struct request_info *request) + { + static struct sockaddr_storage client; + struct addrinfo hints, *res; +@@ -181,8 +176,7 @@ + + /* sock_hostaddr - map endpoint address to printable form */ + +-void sock_hostaddr(host) +-struct host_info *host; ++void sock_hostaddr(struct host_info *host) + { + #ifdef INET6 + struct sockaddr *sin = (struct sockaddr *) host->sin; +@@ -341,8 +335,7 @@ + return; + } + #else /* INET6 */ +-void sock_hostname(host) +-struct host_info *host; ++void sock_hostname(struct host_info *host) + { + struct sockaddr_in *sin = host->sin; + struct hostent *hp; +@@ -428,8 +421,7 @@ + + /* sock_sink - absorb unreceived IP datagram */ + +-static void sock_sink(fd) +-int fd; ++static void sock_sink(int fd) + { + char buf[BUFSIZ]; + #ifdef INET6 +--- a/tcpd.c 2025-04-13 17:35:09.220513095 +0200 ++++ b/tcpd.c 2025-04-13 18:15:58.706312591 +0200 +@@ -42,9 +42,7 @@ + int allow_severity = SEVERITY; /* run-time adjustable */ + int deny_severity = LOG_WARNING; /* ditto */ + +-int main(argc, argv) +-int argc; +-char **argv; ++int main(int argc, char **argv) + { + struct request_info request; + char path[MAXPATHNAMELEN]; +--- a/tcpd.h 2025-04-13 17:35:09.220642202 +0200 ++++ b/tcpd.h 2025-04-13 19:10:43.852286372 +0200 +@@ -33,9 +33,9 @@ + char pid[10]; /* access via eval_pid(request) */ + struct host_info client[1]; /* client endpoint info */ + struct host_info server[1]; /* server endpoint info */ +- void (*sink) (); /* datagram sink function or 0 */ +- void (*hostname) (); /* address to printable hostname */ +- void (*hostaddr) (); /* address to printable address */ ++ void (*sink) (int); /* datagram sink function or 0 */ ++ void (*hostname) (struct host_info *); /* address to printable hostname */ ++ void (*hostaddr) (struct host_info *); /* address to printable address */ + void (*cleanup) (); /* cleanup function or 0 */ + struct netconfig *config; /* netdir handle */ + }; +--- a/tcpdchk.c 2025-04-13 17:35:09.209889684 +0200 ++++ b/tcpdchk.c 2025-04-13 19:51:02.113872277 +0200 +@@ -36,11 +36,6 @@ + #include + #include + +-extern int errno; +-extern void exit(); +-extern int optind; +-extern char *optarg; +- + #ifndef INADDR_NONE + #define INADDR_NONE (-1) /* XXX should be 0xffffffff */ + #endif +@@ -71,15 +66,15 @@ + /* + * Local stuff. + */ +-static void usage(); +-static void parse_table(); +-static void print_list(); +-static void check_daemon_list(); +-static void check_client_list(); +-static void check_daemon(); +-static void check_user(); +-static int check_host(); +-static int reserved_name(); ++static void usage(void); ++static void parse_table(char *table, struct request_info *); ++static void print_list(char *, char *); ++static void check_daemon_list(char *); ++static void check_client_list(char *); ++static void check_daemon(char *); ++static void check_user(char *); ++static int check_host(char *); ++static int reserved_name(char *); + + #define PERMIT 1 + #define DENY 0 +@@ -92,9 +87,7 @@ + static int allow_check; + static char *inetcf; + +-int main(argc, argv) +-int argc; +-char **argv; ++int main(int argc, char **argv) + { + struct request_info request; + struct stat st; +@@ -183,7 +176,7 @@ + + /* usage - explain */ + +-static void usage() ++static void usage(void) + { + fprintf(stderr, "usage: %s [-a] [-d] [-i inet_conf] [-v]\n", myname); + fprintf(stderr, " -a: report rules with implicit \"ALLOW\" at end\n"); +@@ -195,9 +188,7 @@ + + /* parse_table - like table_match(), but examines _all_ entries */ + +-static void parse_table(table, request) +-char *table; +-struct request_info *request; ++static void parse_table(char *table, struct request_info *request) + { + FILE *fp; + int real_verdict; +@@ -271,9 +262,7 @@ + + /* print_list - pretty-print a list */ + +-static void print_list(title, list) +-char *title; +-char *list; ++static void print_list(char *title, char *list) + { + char buf[BUFLEN]; + char *cp; +@@ -293,8 +282,7 @@ + + /* check_daemon_list - criticize daemon list */ + +-static void check_daemon_list(list) +-char *list; ++static void check_daemon_list(char *list) + { + char buf[BUFLEN]; + char *cp; +@@ -321,8 +309,7 @@ + + /* check_client_list - criticize client list */ + +-static void check_client_list(list) +-char *list; ++static void check_client_list(char *list) + { + char buf[BUFLEN]; + char *cp; +@@ -350,8 +337,7 @@ + + /* check_daemon - criticize daemon pattern */ + +-static void check_daemon(pat) +-char *pat; ++static void check_daemon(char *pat) + { + if (pat[0] == '@') { + tcpd_warn("%s: daemon name begins with \"@\"", pat); +@@ -382,8 +368,7 @@ + + /* check_user - criticize user pattern */ + +-static void check_user(pat) +-char *pat; ++static void check_user(char *pat) + { + if (pat[0] == '@') { /* @netgroup */ + tcpd_warn("%s: user name begins with \"@\"", pat); +@@ -403,8 +388,7 @@ + } + + #ifdef INET6 +-static int is_inet6_addr(pat) +- char *pat; ++static int is_inet6_addr(char *pat) + { + struct in6_addr addr; + int len, ret; +@@ -424,8 +408,7 @@ + + /* check_host - criticize host pattern */ + +-static int check_host(pat) +-char *pat; ++static int check_host(char *pat) + { + char *mask; + int addr_count = 1; +@@ -489,8 +472,7 @@ + + /* reserved_name - determine if name is reserved */ + +-static int reserved_name(pat) +-char *pat; ++static int reserved_name(char *pat) + { + return (STR_EQ(pat, unknown) + || STR_EQ(pat, "KNOWN") +--- a/tcpdmatch.c 2025-04-13 17:35:09.208391423 +0200 ++++ b/tcpdmatch.c 2025-04-13 19:17:11.770513086 +0200 +@@ -32,10 +32,6 @@ + #include + #include + +-extern void exit(); +-extern int optind; +-extern char *optarg; +- + #ifndef INADDR_NONE + #define INADDR_NONE (-1) /* XXX should be 0xffffffff */ + #endif +@@ -50,14 +46,12 @@ + #include "inetcf.h" + #include "scaffold.h" + +-static void usage(); +-static void tcpdmatch(); ++static void usage(char *); ++static void tcpdmatch(struct request_info *); + + /* The main program */ + +-int main(argc, argv) +-int argc; +-char **argv; ++int main(int argc, char **argv) + { + struct hostent *hp; + char *myname = argv[0]; +@@ -310,8 +304,7 @@ + + /* Explain how to use this program */ + +-static void usage(myname) +-char *myname; ++static void usage(char *myname) + { + fprintf(stderr, "usage: %s [-d] [-i inet_conf] daemon[@host] [user@]host\n", + myname); +@@ -322,10 +315,7 @@ + + /* Print interesting expansions */ + +-static void expand(text, pattern, request) +-char *text; +-char *pattern; +-struct request_info *request; ++static void expand(char *text, char *pattern, struct request_info *request) + { + char buf[BUFSIZ]; + +@@ -335,8 +325,7 @@ + + /* Try out a (server,client) pair */ + +-static void tcpdmatch(request) +-struct request_info *request; ++static void tcpdmatch(struct request_info *request) + { + int verdict; + +--- a/tli-sequent.c 1994-12-28 17:42:51.000000000 +0100 ++++ b/tli-sequent.c 2025-04-13 19:07:55.199519987 +0200 +@@ -45,12 +45,11 @@ + /* Forward declarations. */ + + static char *tli_error(); +-static void tli_sink(); ++static void tli_sink(int); + + /* tli_host - determine endpoint info */ + +-int tli_host(request) +-struct request_info *request; ++int tli_host(struct request_info *request) + { + static struct sockaddr_in client; + static struct sockaddr_in server; +@@ -168,8 +167,7 @@ + + /* tli_sink - absorb unreceived datagram */ + +-static void tli_sink(fd) +-int fd; ++static void tli_sink(int fd) + { + struct t_unitdata *unit; + int flags; +--- a/try-from.c 2025-04-13 17:35:09.220772438 +0200 ++++ b/try-from.c 2025-04-13 19:42:57.714051842 +0200 +@@ -37,9 +37,7 @@ + int allow_severity = SEVERITY; /* run-time adjustable */ + int deny_severity = LOG_WARNING; /* ditto */ + +-int main(argc, argv) +-int argc; +-char **argv; ++int main(int argc, char **argv) + { + struct request_info request; + char buf[BUFSIZ]; +--- a/update.c 2025-04-13 17:35:09.212851407 +0200 ++++ b/update.c 2025-04-13 19:25:35.002561939 +0200 +@@ -31,9 +31,7 @@ + + /* request_fill - request update engine */ + +-static struct request_info *request_fill(request, ap) +-struct request_info *request; +-va_list ap; ++static struct request_info *request_fill(struct request_info *request, va_list ap) + { + int key; + char *ptr; +--- a/workarounds.c 2025-04-13 17:35:09.167740080 +0200 ++++ b/workarounds.c 2025-04-13 19:25:04.000250108 +0200 +@@ -77,10 +77,7 @@ + + #undef fgets + +-char *fix_fgets(buf, len, fp) +-char *buf; +-int len; +-FILE *fp; ++char *fix_fgets(char *buf, int len, FILE *fp) + { + char *cp = buf; + int c; +@@ -160,10 +157,7 @@ + + #undef getpeername + +-int fix_getpeername(sock, sa, len) +-int sock; +-struct sockaddr *sa; +-int *len; ++int fix_getpeername(int sock, struct sockaddr *sa, int *len) + { + int ret; + #ifdef INET6 +@@ -291,9 +285,7 @@ + + #ifdef LIBC_CALLS_STRTOK + +-char *my_strtok(buf, sep) +-char *buf; +-char *sep; ++char *my_strtok(char *buf, char *sep) + { + static char *state; + char *result; diff --git a/tcpd-check-finger-presence.patch b/tcpd-check-finger-presence.patch new file mode 100644 index 0000000..093b0d0 --- /dev/null +++ b/tcpd-check-finger-presence.patch @@ -0,0 +1,31 @@ +Index: tcp_wrappers_7.6/safe_finger.c +=================================================================== +--- tcp_wrappers_7.6.orig/safe_finger.c ++++ tcp_wrappers_7.6/safe_finger.c +@@ -32,12 +32,10 @@ static char sccsid[] = "@(#) safe_finger + + /* Local stuff */ + +-char path[] = "PATH=/bin:/usr/bin:/usr/sbin"; +- + #define TIME_LIMIT 60 /* Do not keep listinging forever */ + #define INPUT_LENGTH 100000 /* Do not keep listinging forever */ + #define LINE_LENGTH 128 /* Editors can choke on long lines */ +-#define FINGER_PROGRAM "finger" /* Most, if not all, UNIX systems */ ++#define FINGER_PROGRAM "/usr/bin/finger" /* Most, if not all, UNIX systems */ + #define UNPRIV_NAME "nobody" /* Preferred privilege level */ + #define UNPRIV_UGID 32767 /* Default uid and gid */ + +@@ -76,9 +74,9 @@ int main(int argc, char **argv) + /* + * Redirect our standard input through the raw finger command. + */ +- if (putenv(path)) { +- fprintf(stderr, "%s: putenv: out of memory", argv[0]); +- exit(1); ++ if (access(FINGER_PROGRAM, X_OK) != 0) { ++ printf("Can not execute " FINGER_PROGRAM ". Please install 'finger' package.\n"); ++ return 1; + } + argv[0] = FINGER_PROGRAM; + finger_pid = pipe_stdin(argv); diff --git a/tcpd.changes b/tcpd.changes index b63a2bc..aeb3def 100644 --- a/tcpd.changes +++ b/tcpd.changes @@ -1,3 +1,33 @@ +------------------------------------------------------------------- +Mon Jun 30 09:17:56 UTC 2025 - pgajdos@suse.com + +- readd safe_finger [bsc#1241401] +- added patches + check whether finger is present + + tcpd-check-finger-presence.patch + +------------------------------------------------------------------- +Tue Apr 22 11:20:12 UTC 2025 - pgajdos@suse.com + +- remove safe_finger as it calls dropped figner [bsc#1241401] + +------------------------------------------------------------------- +Mon Apr 14 10:55:39 UTC 2025 - Friedrich Haubensak + +- drop -std=gnu11, add tcp_wrappers_7.6-gcc15.patch, adapted from + debian, to support dependant packages such as quota or rpcbind + +------------------------------------------------------------------- +Sun Apr 13 15:02:17 UTC 2025 - Friedrich Haubensak + +- compile w/ -std=gnu11 to fix gcc15 compile time error, and to + still allow build on Leap 15.6 + +------------------------------------------------------------------- +Mon Nov 11 11:04:24 UTC 2024 - Thorsten Kukuk + +- hosts.allow/hosts.deny: remove executable bit + ------------------------------------------------------------------- Tue May 14 08:10:05 UTC 2024 - pgajdos@suse.com diff --git a/tcpd.spec b/tcpd.spec index b3589a1..f9da1e8 100644 --- a/tcpd.spec +++ b/tcpd.spec @@ -1,7 +1,7 @@ # # spec file for package tcpd # -# Copyright (c) 2024 SUSE LLC +# Copyright (c) 2025 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -65,6 +65,9 @@ Patch32: tcp_wrappers_%{version}-ipv6-host-match.patch Patch33: tcp_wrappers_%{version}-ipv6-mapped-v4.patch Patch34: tcp_wrappers_%{version}-ipv6.fix.fix3.diff Patch35: tcp_wrappers_%{version}-gcc14.patch +Patch36: tcp_wrappers_%{version}-gcc15.patch +# check whether finger is present +Patch37: tcpd-check-finger-presence.patch BuildRequires: linux-kernel-headers Provides: nkitb:%{_sbindir}/tcpd # bug437293 @@ -139,6 +142,8 @@ to compile and link programs against the TCP wrapper library. %patch -P 33 -p1 %patch -P 34 %patch -P 35 -p1 +%patch -P 36 -p1 +%patch -P 37 -p1 %build %global _lto_cflags %{_lto_cflags} -ffat-lto-objects @@ -161,7 +166,7 @@ ln -sf libwrap.so.0.%{version} %{buildroot}/%{_libdir}/libwrap.so.0 ln -sf libwrap.so.0.%{version} %{buildroot}/%{_libdir}/libwrap.so mkdir -p %{buildroot}%{_sysconfdir} for i in hosts.allow hosts.deny; do - install $RPM_SOURCE_DIR/$i %{buildroot}/%{_sysconfdir} + install -m 644 $RPM_SOURCE_DIR/$i %{buildroot}/%{_sysconfdir} done %post -n %{lname} -p /sbin/ldconfig