auto-import changelog data from tcp_wrappers-7.6-18.src.rpm
Mon Feb 05 2001 Preston Brown <pbrown@redhat.com> - fix gethostbyname to work better with dot "." notation (#16949) Sat Dec 30 2000 Jeff Johnson <jbj@redhat.com> - permit hosts.{allow,deny} to be assembled from included components (#17795). - permit '*' and '?' wildcard matches on hostnames (#17847).
parent
2ce06a00d0
commit
9200525651
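--- a/tcp_wrappers-7.6-bug17795.patch
+++ b/tcp_wrappers-7.6-bug17795.patch
@@ -0,0 +1,54 @@
+--- tcp_wrappers_7.6/hosts_access.c Wed Feb 12 03:13:23 1997
++++ tcp_wrappers/hosts_access.c Wed Jul 19 08:37:02 2000
+@@ -240,6 +255,26 @@
+}
+}
+
++/* hostfile_match - look up host patterns from file */
++
++static int hostfile_match(path, host)
++char *path;
++struct hosts_info *host;
++{
++ char tok[BUFSIZ];
++ int match = NO;
++ FILE *fp;
++
++ if ((fp = fopen(path, "r")) != 0) {
++ while (fscanf(fp, "%s", tok) == 1 && !(match = host_match(tok, host)))
++ /* void */ ;
++ fclose(fp);
++ } else if (errno != ENOENT) {
++ tcpd_warn("open %s: %m", path);
++ }
++ return (match);
++}
++
+/* host_match - match host name and/or address against pattern */
+
+static int host_match(tok, host)
+@@ -267,6 +302,8 @@
+tcpd_warn("netgroup support is disabled"); /* not tcpd_jump() */
+return (NO);
+#endif
++ } else if (tok[0] == '/') { /* /file hack */
++ return (hostfile_match(tok, host));
+} else if (STR_EQ(tok, "KNOWN")) { /* check address and name */
+char *name = eval_hostname(host);
+return (STR_NE(eval_hostaddr(host), unknown) && HOSTNAME_KNOWN(name));
+--- tcp_wrappers_7.6/hosts_access.5 Mon Jan 30 20:51:47 1995
++++ tcp_wrappers.new/hosts_access.5 Wed Sep 20 22:24:29 2000
+@@ -89,6 +89,13 @@
+bitwise AND of the address and the `mask\'. For example, the net/mask
+pattern `131.155.72.0/255.255.254.0\' matches every address in the
+range `131.155.72.0\' through `131.155.73.255\'.
++.IP \(bu
++A string that begins with a `/\' character is treated as a file
++name. A host name or address is matched if it matches any host name
++or address pattern listed in the named file. The file format is
++zero or more lines with zero or more host name or address patterns
++separated by whitespace. A file name pattern can be used anywhere
++a host name or address pattern can be used.
+.SH WILDCARDS
+The access control language supports explicit wildcards:
+.IP ALL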
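Review bot: In hostfile_match, `fscanf(fp, "%s", tok)` writes into `char tok[BUFSIZ]` with no field width, so a token longer than BUFSIZ - 1 characters in the named file overruns the stack buffer. Give the buffer a fixed size and a matching width, for example `char tok[1024];` with `fscanf(fp, "%1023s", tok)`, or read lines with fgets and split them. The new `/file` branch in host_match and the host_match call inside hostfile_match also call each other with no depth limit, so a pattern file that lists its own path (or two files that list each other) recurses until the stack runs out; a small nesting counter with a tcpd_warn on overflow would bound it. A comment on hostfile_match stating that the file must be writable only by the administrator would also help, since its contents now decide access-control outcomes.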
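--- a/tcp_wrappers-7.6-bug17847.patch
+++ b/tcp_wrappers-7.6-bug17847.patch
@@ -0,0 +1,101 @@
+diff -uNr tcp_wrappers_7.6/hosts_access.5 tcp_wrappers_7.6.new/hosts_access.5
+--- tcp_wrappers_7.6/hosts_access.5 Fri Sep 22 21:29:24 2000
++++ tcp_wrappers_7.6.new/hosts_access.5 Fri Sep 22 21:28:44 2000
+@@ -96,6 +96,10 @@
+zero or more lines with zero or more host name or address patterns
+separated by whitespace. A file name pattern can be used anywhere
+a host name or address pattern can be used.
++.IP \(bu
++Wildcards `*\' and `?\' can be used to match hostnames or IP addresses. This
++method of matching cannot be used in conjunction with `net/mask\' matching,
++hostname matching beginning with `.\' or IP address matching ending with `.\'.
+.SH WILDCARDS
+The access control language supports explicit wildcards:
+.IP ALL
+diff -uNr tcp_wrappers_7.6/hosts_access.c tcp_wrappers_7.6.new/hosts_access.c
+--- tcp_wrappers_7.6/hosts_access.c Fri Sep 22 21:29:24 2000
++++ tcp_wrappers_7.6.new/hosts_access.c Fri Sep 22 21:18:09 2000
+@@ -311,6 +311,11 @@
+{
+int n;
+
++#ifndef DISABLE_WILDCARD_MATCHING
++ if (strchr(tok, '*') || strchr(tok,'?')) { /* contains '*' or '?' */
++ return (match_pattern_ylo(string,tok));
++ } else
++#endif
+if (tok[0] == '.') { /* suffix */
+n = strlen(string) - strlen(tok);
+return (n > 0 && STR_EQ(tok, string + n));
+@@ -351,3 +356,71 @@
+}
+return ((addr & mask) == net);
+}
++
++#ifndef DISABLE_WILDCARD_MATCHING
++/* Note: this feature has been adapted in a pretty straightforward way
++ from Tatu Ylonen's last SSH version under free license by
++ Pekka Savola <pekkas@netcore.fi>.
++
++ Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
++*/
++
++/* Returns true if the given string matches the pattern (which may contain
++ ? and * as wildcards), and zero if it does not match. */
++
++int match_pattern_ylo(const char *s, const char *pattern)
++{
++ while (1)
++ {
++ /* If at end of pattern, accept if also at end of string. */
++ if (!*pattern)
++ return !*s;
++
++ /* Process '*'. */
++ if (*pattern == '*')
++ {
++ /* Skip the asterisk. */
++ pattern++;
++
++ /* If at end of pattern, accept immediately. */
++ if (!*pattern)
++ return 1;
++
++ /* If next character in pattern is known, optimize. */
++ if (*pattern != '?' && *pattern != '*')
++ {
++ /* Look instances of the next character in pattern, and try
++ to match starting from those. */
++ for (; *s; s++)
++ if (*s == *pattern &&
++ match_pattern_ylo(s + 1, pattern + 1))
++ return 1;
++ /* Failed. */
++ return 0;
++ }
++
++ /* Move ahead one character at a time and try to match at each
++ position. */
++ for (; *s; s++)
++ if (match_pattern_ylo(s, pattern))
++ return 1;
++ /* Failed. */
++ return 0;
++ }
++
++ /* There must be at least one more character in the string. If we are
++ at the end, fail. */
++ if (!*s)
++ return 0;
++
++ /* Check if the next character of the string is acceptable. */
++ if (*pattern != '?' && *pattern != *s)
++ return 0;
++
++ /* Move to the next character, both in string and in pattern. */
++ s++;
++ pattern++;
++ }
++ /*NOTREACHED*/
++}
++#endif /* DISABLE_WILDCARD_MATCHING */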
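Review bot: match_pattern_ylo compares literal characters with `*s == *pattern` and `*pattern != *s`, so wildcard host name patterns are case-sensitive even though DNS names are not; a deny rule written with different letter case than the resolved name would silently fail to match. If the STR_EQ comparisons in the surrounding code are case-insensitive (their definition is not visible here), the wildcard path is also inconsistent with them. Comparing through `tolower((unsigned char)*pattern)` and `tolower((unsigned char)*s)` in both places would align it. Separately, the function is called in the `@@ -311` hunk before its definition and is not `static`; a forward declaration such as `static int match_pattern_ylo(const char *, const char *);` near the file's other prototypes would avoid an implicit declaration and keep the symbol out of the library's exported names. The caller's signature lies outside the hunk.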
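--- a/tcp_wrappers-7.6-fixgethostbyname.patch
+++ b/tcp_wrappers-7.6-fixgethostbyname.patch
@@ -0,0 +1,27 @@
+--- tcp_wrappers_7.6/socket.c.fixgethostbyname Fri Mar 21 13:27:25 1997
++++ tcp_wrappers_7.6/socket.c Mon Feb 5 14:09:40 2001
+@@ -52,7 +52,8 @@
+char *name;
+{
+char dot_name[MAXHOSTNAMELEN + 1];
+-
++ struct hostent *hp;
++
+/*
+* Don't append dots to unqualified names. Such names are likely to come
+* from local hosts files or from NIS.
+@@ -61,8 +62,12 @@
+if (strchr(name, '.') == 0 || strlen(name) >= MAXHOSTNAMELEN - 1) {
+return (gethostbyname(name));
+} else {
+- sprintf(dot_name, "%s.", name);
+- return (gethostbyname(dot_name));
++ sprintf(dot_name, "%s.", name);
++ hp = gethostbyname(dot_name);
++ if (hp)
++ return hp;
++ else
++ return (gethostbyname(name));
+}
+}
+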
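Review bot: The new fallback `return (gethostbyname(name));` after a failed dotted lookup repeats the query without the trailing dot, which lets the resolver apply its search list to a name that already contains a dot. If the dot was appended to force an absolute lookup (the visible comment only explains the unqualified case), the retry weakens that for every caller, and it matters most if this result feeds a name-to-address consistency check; a comment stating why the retry is acceptable, or limiting it to the case from bug #16949, would make the intent reviewable. Separately, `sprintf(dot_name, "%s.", name)` is only in bounds because of the `strlen(name) >= MAXHOSTNAMELEN - 1` test a few lines above; `snprintf(dot_name, sizeof(dot_name), "%s.", name)` would keep the bound next to the write. The function's signature is outside the hunk.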
@ -1,14 +1,17 @@
|
||||
Summary: A security tool which acts as a wrapper for TCP daemons.
|
||||
Name: tcp_wrappers
|
||||
Version: 7.6
|
||||
Release: 16
|
||||
Release: 18
|
||||
Copyright: Distributable
|
||||
Group: System Environment/Daemons
|
||||
Source: ftp://coast.cs.purdue.edu/pub/tools/unix/tcp_wrappers/tcp_wrappers_7.6.tar.gz
|
||||
Patch: tcpw7.2-config.patch
|
||||
Patch0: tcpw7.2-config.patch
|
||||
Patch1: tcpw7.2-setenv.patch
|
||||
Patch2: tcpw7.6-netgroup.patch
|
||||
Patch3: tcp_wrappers-7.6-bug11881.patch
|
||||
Patch4: tcp_wrappers-7.6-bug17795.patch
|
||||
Patch5: tcp_wrappers-7.6-bug17847.patch
|
||||
Patch6: tcp_wrappers-7.6-fixgethostbyname.patch
|
||||
BuildRoot: %{_tmppath}/%{name}-root
|
||||
|
||||
%description
|
||||
@ -25,13 +28,12 @@ filtering incoming network services requests.
|
||||
%patch1 -p1 -b .setenv
|
||||
%patch2 -p1 -b .netgroup
|
||||
%patch3 -p1 -b .bug11881
|
||||
%patch4 -p1 -b .bug17795
|
||||
%patch5 -p1 -b .bug17847
|
||||
%patch6 -p1 -b .fixgethostbyname
|
||||
|
||||
%build
|
||||
%ifarch ia64 sparc sparc64 sparcv9
|
||||
RPM_OPT_FLAGS="$RPM_OPT_FLAGS -fPIC"
|
||||
export RPM_OPT_FLAGS
|
||||
%endif
|
||||
make linux
|
||||
make RPM_OPT_FLAGS="$RPM_OPT_FLAGS -fPIC" linux
|
||||
|
||||
%install
|
||||
rm -rf ${RPM_BUILD_ROOT}
|
||||
@ -69,6 +71,13 @@ rm -rf ${RPM_BUILD_ROOT}
|
||||
%{_sbindir}/*
|
||||
|
||||
%changelog
|
||||
* Mon Feb 5 2001 Preston Brown <pbrown@redhat.com>
|
||||
- fix gethostbyname to work better with dot "." notation (#16949)
|
||||
|
||||
* Sat Dec 30 2000 Jeff Johnson <jbj@redhat.com>
|
||||
- permit hosts.{allow,deny} to be assembled from included components (#17795).
|
||||
- permit '*' and '?' wildcard matches on hostnames (#17847).
|
||||
|
||||
* Sun Nov 19 2000 Bill Nottingham <notting@redhat.com>
|
||||
- ia64 needs -fPIC too
|
||||
|
||||
|