- Add modified tcpdmatch (#604011)

2010-06-16 12:52:24 +00:00 · 2010-06-16 12:52:24 +00:00 · ba2210e782
parent 94d08c8a73
commit ba2210e782
2 changed files with 86 additions and 3 deletions
--- a/tcp_wrappers-7.6-inetdconf.patch
+++ b/tcp_wrappers-7.6-inetdconf.patch
@ -0,0 +1,79 @@
+diff -up tcp_wrappers_7.6/tcpdmatch.8.inetdconf tcp_wrappers_7.6/tcpdmatch.8
+--- tcp_wrappers_7.6/tcpdmatch.8.inetdconf	2010-06-16 14:39:32.000000000 +0200
+++ tcp_wrappers_7.6/tcpdmatch.8	2010-06-16 14:42:25.000000000 +0200
+@@ -2,9 +2,9 @@
+ .SH NAME
+ tcpdmatch \- tcp wrapper oracle
+ .SH SYNOPSYS
+-tcpdmatch [-d] [-i inet_conf] daemon client
+tcpdmatch [-d] daemon client
+ .sp
+-tcpdmatch [-d] [-i inet_conf] daemon[@server] [user@]client
+tcpdmatch [-d] daemon[@server] [user@]client
+ .SH DESCRIPTION
+ .PP
+ \fItcpdmatch\fR predicts how the tcp wrapper would handle a specific
+@@ -48,10 +48,6 @@ The default user name is `unknown'.
+ .IP -d
+ Examine \fIhosts.allow\fR and \fIhosts.deny\fR files in the current
+ directory instead of the default ones.
+-.IP "-i inet_conf"
+-Specify this option when \fItcpdmatch\fR is unable to find your
+-\fIinetd.conf\fR or \fItlid.conf\fR network configuration file, or when
+-you suspect that the program uses the wrong one.
+ .SH EXAMPLES
+ To predict how \fItcpd\fR would handle a telnet request from the local
+ system:
+@@ -82,11 +78,8 @@ The default locations of the \fItcpd\fR 
+ .SH SEE ALSO
+ .na
+ .nf
+-tcpdchk(8), tcpd configuration checker
+ hosts_access(5), format of the tcpd access control tables.
+ hosts_options(5), format of the language extensions.
+-inetd.conf(5), format of the inetd control file.
+-tlid.conf(5), format of the tlid control file.
+ .SH AUTHORS
+ .na
+ .nf
+diff -up tcp_wrappers_7.6/tcpdmatch.c.inetdconf tcp_wrappers_7.6/tcpdmatch.c
+--- tcp_wrappers_7.6/tcpdmatch.c.inetdconf	2010-06-16 14:37:09.000000000 +0200
+++ tcp_wrappers_7.6/tcpdmatch.c	2010-06-16 14:39:18.000000000 +0200
+@@ -140,25 +140,6 @@ char  **argv;
+     }
+ 
+     /*
+-     * Analyze the inetd (or tlid) configuration file, so that we can warn
+-     * the user about services that may not be wrapped, services that are not
+-     * configured, or services that are wrapped in an incorrect manner. Allow
+-     * for services that are not run from inetd, or that have tcpd access
+-     * control built into them.
+-     */
+-    inetcf = inet_cfg(inetcf);
+-    inet_set("portmap", WR_NOT);
+-    inet_set("rpcbind", WR_NOT);
+-    switch (inet_get(daemon)) {
+-    case WR_UNKNOWN:
+-	tcpd_warn("%s: no such process name in %s", daemon, inetcf);
+-	break;
+-    case WR_NOT:
+-	tcpd_warn("%s: service possibly not wrapped", daemon);
+-	break;
+-    }
+-
+-    /*
+      * Check accessibility of access control files.
+      */
+     (void) check_path(hosts_allow_table, &st);
+@@ -319,10 +300,9 @@ char  **argv;
+ static void usage(myname)
+ char   *myname;
+ {
+-    fprintf(stderr, "usage: %s [-d] [-i inet_conf] daemon[@host] [user@]host\n",
+    fprintf(stderr, "usage: %s [-d] daemon[@host] [user@]host\n",
+ 	    myname);
+     fprintf(stderr, "	-d: use allow/deny files in current directory\n");
+-    fprintf(stderr, "	-i: location of inetd.conf file\n");
+     exit(1);
+ }
+ 
--- a/tcp_wrappers.spec
+++ b/tcp_wrappers.spec
@ -1,7 +1,7 @@
 Summary: A security tool which acts as a wrapper for TCP daemons
 Name: tcp_wrappers
 Version: 7.6
-Release: 58%{?dist}
+Release: 59%{?dist}

 %define LIB_MAJOR 0
 %define LIB_MINOR 7
@ -34,6 +34,7 @@ Patch19: tcp_wrappers-7.6-siglongjmp.patch
 Patch20: tcp_wrappers-7.6-sigchld.patch
 Patch21: tcp_wrappers-7.6-196326.patch
 Patch22: tcp_wrappers_7.6-249430.patch
+Patch23: tcp_wrappers-7.6-inetdconf.patch
 # required by sin_scope_id in ipv6 patch
 BuildRequires: glibc-devel >= 2.2
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@ -90,6 +91,7 @@ develop applications with tcp_wrappers support.
 %patch20 -p1 -b .sigchld
 %patch21 -p1 -b .196326
 %patch22 -p1 -b .249430
+%patch23 -p1 -b .inetdconf

 %build
 make RPM_OPT_FLAGS="$RPM_OPT_FLAGS -fPIC -DPIC -D_REENTRANT -DHAVE_STRERROR" LDFLAGS="-pie" MAJOR=%{LIB_MAJOR} MINOR=%{LIB_MINOR} REL=%{LIB_REL} linux
@ -114,11 +116,10 @@ install -p -m644 tcpd.h ${RPM_BUILD_ROOT}%{_includedir}
 install -m755 safe_finger ${RPM_BUILD_ROOT}%{_sbindir}
 install -m755 tcpd ${RPM_BUILD_ROOT}%{_sbindir}
 install -m755 try-from ${RPM_BUILD_ROOT}%{_sbindir}
+install -m755 tcpdmatch ${RPM_BUILD_ROOT}%{_sbindir}

 # XXX remove utilities that expect /etc/inetd.conf (#16059).
 #install -m755 tcpdchk ${RPM_BUILD_ROOT}%{_sbindir}
-#install -m755 tcpdmatch ${RPM_BUILD_ROOT}%{_sbindir}
-rm -f ${RPM_BUILD_ROOT}%{_mandir}/man8/tcpdmatch.*
 rm -f ${RPM_BUILD_ROOT}%{_mandir}/man8/tcpdchk.*

 %post libs -p /sbin/ldconfig
@ -148,6 +149,9 @@ rm -rf ${RPM_BUILD_ROOT}
 %{_mandir}/man3/*

 %changelog
+* Wed Jun 16 2010 Jan F. Chadima <jchadima@redhat.com> - 7.6-59
+- Add modified tcpdmatch (#604011)
+
 * Fri Feb  5 2010 Jan F. Chadima <jchadima@redhat.com> - 7.6-58
 - Add manual pages for safe_finger and try-from (#526190)