updated to upstream ipv6 support
This commit is contained in:
parent
3ae92873be
commit
cf076b1867
|
@ -1 +1,2 @@
|
|||
tcp_wrappers_7.6.tar.gz
|
||||
tcp_wrappers_7.6-ipv6.4.tar.gz
|
||||
|
|
2
sources
2
sources
|
@ -1 +1 @@
|
|||
e6fa25f71226d090f34de3f6b122fb5a tcp_wrappers_7.6.tar.gz
|
||||
ccbc2676977c31bbd43783abfbf2fdcf tcp_wrappers_7.6-ipv6.4.tar.gz
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
diff -up tcp_wrappers_7.6/hosts_access.c.patch21 tcp_wrappers_7.6/hosts_access.c
|
||||
--- tcp_wrappers_7.6/hosts_access.c.patch21 2008-08-29 09:45:12.000000000 +0200
|
||||
+++ tcp_wrappers_7.6/hosts_access.c 2008-08-29 09:45:12.000000000 +0200
|
||||
@@ -346,6 +346,9 @@ char *string;
|
||||
@@ -391,6 +391,9 @@ char *string;
|
||||
return (STR_NE(string, unknown));
|
||||
} else if (tok[(n = strlen(tok)) - 1] == '.') { /* prefix */
|
||||
return (STRN_EQ(tok, string, n));
|
||||
|
@ -9,5 +9,5 @@ diff -up tcp_wrappers_7.6/hosts_access.c.patch21 tcp_wrappers_7.6/hosts_access.c
|
|||
+ && (STR_EQ(string, "localhost") || STR_EQ(string, "localhost.localdomain"))) {
|
||||
+ return (YES); /* these localhosts are equivalent */
|
||||
} else { /* exact match */
|
||||
#ifdef INET6
|
||||
struct addrinfo hints, *res;
|
||||
return (STR_EQ(tok, string));
|
||||
}
|
||||
|
|
|
@ -23,8 +23,8 @@ diff -up tcp_wrappers_7.6/hosts_ctl.c.patch17 tcp_wrappers_7.6/hosts_ctl.c
|
|||
diff -up tcp_wrappers_7.6/socket.c.patch17 tcp_wrappers_7.6/socket.c
|
||||
--- tcp_wrappers_7.6/socket.c.patch17 2008-08-29 09:45:12.000000000 +0200
|
||||
+++ tcp_wrappers_7.6/socket.c 2008-08-29 09:45:12.000000000 +0200
|
||||
@@ -147,6 +147,51 @@ struct request_info *request;
|
||||
#endif
|
||||
@@ -130,6 +130,51 @@ struct request_info *request;
|
||||
request->server->sin = &server;
|
||||
}
|
||||
|
||||
+/* sock_hostnofd - look up endpoint addresses and install conversion methods */
|
||||
|
|
|
@ -0,0 +1,37 @@
|
|||
diff -up tcp_wrappers_7.6-ipv6.4/hosts_access.c.altformat tcp_wrappers_7.6-ipv6.4/hosts_access.c
|
||||
--- tcp_wrappers_7.6-ipv6.4/hosts_access.c.altformat 2013-01-28 13:22:09.986535601 +0100
|
||||
+++ tcp_wrappers_7.6-ipv6.4/hosts_access.c 2013-01-28 13:42:12.142650817 +0100
|
||||
@@ -333,9 +333,9 @@ struct host_info *host;
|
||||
|
||||
/*
|
||||
* A /nnn prefix specifies how many bits of the address we
|
||||
- * need to check.
|
||||
+ * need to check.
|
||||
*/
|
||||
- if ((slash = strchr(tok, '/'))) {
|
||||
+ if ((slash = strchr(tok, '/')) || (slash = strchr(cbr+1, '/'))) {
|
||||
*slash = '\0';
|
||||
mask = atoi(slash+1);
|
||||
if (mask < 0 || mask > IPV6_ABITS) {
|
||||
@@ -349,6 +349,8 @@ struct host_info *host;
|
||||
}
|
||||
}
|
||||
|
||||
+ printf("IPv6 addr/mask: %s/%s\n", tok+1, slash+1);
|
||||
+
|
||||
if (cbr == NULL || inet_pton(AF_INET6, tok+1, &in6) != 1) {
|
||||
tcpd_warn("bad IP6 address specification");
|
||||
return (NO);
|
||||
diff -up tcp_wrappers_7.6-ipv6.4/tcpdchk.c.altformat tcp_wrappers_7.6-ipv6.4/tcpdchk.c
|
||||
--- tcp_wrappers_7.6-ipv6.4/tcpdchk.c.altformat 2013-01-28 13:44:44.786549981 +0100
|
||||
+++ tcp_wrappers_7.6-ipv6.4/tcpdchk.c 2013-01-28 13:44:58.419629764 +0100
|
||||
@@ -434,6 +434,9 @@ char *pat;
|
||||
int err = 0;
|
||||
int mask = IPV6_ABITS;
|
||||
|
||||
+ if (!slash)
|
||||
+ slash = strchr(cbr+1, '/');
|
||||
+
|
||||
if (slash != NULL) {
|
||||
*slash = '\0';
|
||||
mask = atoi(slash + 1);
|
|
@ -1,6 +1,5 @@
|
|||
diff -up tcp_wrappers_7.6/hosts_access.5.patch6 tcp_wrappers_7.6/hosts_access.5
|
||||
--- tcp_wrappers_7.6/hosts_access.5.patch6 2008-08-29 09:45:12.000000000 +0200
|
||||
+++ tcp_wrappers_7.6/hosts_access.5 2008-08-29 09:45:12.000000000 +0200
|
||||
--- tcp_wrappers_7.6/hosts_access.5.patch6 2013-01-23 11:10:00.545081410 +0100
|
||||
+++ tcp_wrappers_7.6/hosts_access.5 2013-01-23 11:10:00.549081436 +0100
|
||||
@@ -96,6 +96,10 @@ or address pattern listed in the named f
|
||||
zero or more lines with zero or more host name or address patterns
|
||||
separated by whitespace. A file name pattern can be used anywhere
|
||||
|
@ -12,10 +11,9 @@ diff -up tcp_wrappers_7.6/hosts_access.5.patch6 tcp_wrappers_7.6/hosts_access.5
|
|||
.SH WILDCARDS
|
||||
The access control language supports explicit wildcards:
|
||||
.IP ALL
|
||||
diff -up tcp_wrappers_7.6/hosts_access.c.patch6 tcp_wrappers_7.6/hosts_access.c
|
||||
--- tcp_wrappers_7.6/hosts_access.c.patch6 2008-08-29 09:45:12.000000000 +0200
|
||||
+++ tcp_wrappers_7.6/hosts_access.c 2008-08-29 09:45:12.000000000 +0200
|
||||
@@ -311,6 +311,11 @@ char *string;
|
||||
--- tcp_wrappers_7.6/hosts_access.c.patch6 2013-01-23 11:10:00.546081416 +0100
|
||||
+++ tcp_wrappers_7.6/hosts_access.c 2013-01-23 11:12:28.519925230 +0100
|
||||
@@ -376,6 +376,11 @@ char *string;
|
||||
{
|
||||
int n;
|
||||
|
||||
|
@ -27,11 +25,10 @@ diff -up tcp_wrappers_7.6/hosts_access.c.patch6 tcp_wrappers_7.6/hosts_access.c
|
|||
if (tok[0] == '.') { /* suffix */
|
||||
n = strlen(string) - strlen(tok);
|
||||
return (n > 0 && STR_EQ(tok, string + n));
|
||||
@@ -351,3 +356,71 @@ char *string;
|
||||
}
|
||||
@@ -417,6 +422,74 @@ char *string;
|
||||
return ((addr & mask) == net);
|
||||
}
|
||||
+
|
||||
|
||||
+#ifndef DISABLE_WILDCARD_MATCHING
|
||||
+/* Note: this feature has been adapted in a pretty straightforward way
|
||||
+ from Tatu Ylonen's last SSH version under free license by
|
||||
|
@ -99,3 +96,7 @@ diff -up tcp_wrappers_7.6/hosts_access.c.patch6 tcp_wrappers_7.6/hosts_access.c
|
|||
+ /*NOTREACHED*/
|
||||
+}
|
||||
+#endif /* DISABLE_WILDCARD_MATCHING */
|
||||
+
|
||||
#ifdef HAVE_IPV6
|
||||
/*
|
||||
* Function that zeros all but the first "maskbits" bits of the IPV6 address
|
||||
|
|
|
@ -7,34 +7,33 @@
|
|||
+An expression of the form `n.n.n.n/m\' is interpreted as a
|
||||
+`net/prefixlen\' pair, as below, for IPv4 addresses.
|
||||
+.IP \(bu
|
||||
An expression of the form `[n:n:n:n:n:n:n:n]/m\' is interpreted as a
|
||||
`[net]/prefixlen\' pair. An IPv6 host address is matched if
|
||||
An expression of the form `[n:n:n:n:n:n:n:n/m]\' is interpreted as a
|
||||
`[net/prefixlen]\' pair. An IPv6 host address is matched if
|
||||
`prefixlen\' bits of `net\' is equal to the `prefixlen\' bits of the
|
||||
--- tcp_wrappers_7.6/tcpd.h.orig 2011-04-20 16:10:25.000000000 -0600
|
||||
+++ tcp_wrappers_7.6/tcpd.h 2011-04-20 16:11:56.000000000 -0600
|
||||
@@ -101,6 +101,7 @@ extern void refuse __P((struct request_i
|
||||
extern char *xgets __P((char *, int, FILE *)); /* fgets() on steroids */
|
||||
extern char *split_at __P((char *, int)); /* strchr() and split */
|
||||
extern unsigned long dot_quad_addr __P((char *)); /* restricted inet_addr() */
|
||||
@@ -164,6 +164,7 @@ extern void refuse __P((struct request_i
|
||||
extern char *xgets __P((char *, int, FILE *)); /* fgets() on steroids */
|
||||
extern char *split_at __P((char *, int)); /* strchr() and split */
|
||||
extern unsigned long dot_quad_addr __P((char *)); /* restricted inet_addr() */
|
||||
+extern unsigned long prefix_to_netmask __P((char *)); /* 0-32 prefix length */
|
||||
|
||||
/* Global variables. */
|
||||
|
||||
extern int numeric_addr __P((char *, union gen_addr *, int *, int *)); /* IP4/IP6 inet_addr (restricted) */
|
||||
extern struct hostent *tcpd_gethostbyname __P((char *, int));
|
||||
/* IP4/IP6 gethostbyname */
|
||||
--- tcp_wrappers_7.6/misc.c.orig 2011-04-20 16:10:25.000000000 -0600
|
||||
+++ tcp_wrappers_7.6/misc.c 2011-04-20 16:13:39.000000000 -0600
|
||||
@@ -14,6 +14,8 @@
|
||||
#include <arpa/inet.h>
|
||||
#include <stdio.h>
|
||||
@@ -16,6 +16,7 @@ static char sccsic[] = "@(#) misc.c 1.2
|
||||
#include <string.h>
|
||||
+#include <ctype.h>
|
||||
#include <ctype.h>
|
||||
#include <netdb.h>
|
||||
+#include <stdlib.h>
|
||||
|
||||
#include "tcpd.h"
|
||||
|
||||
@@ -107,3 +107,22 @@ char *str;
|
||||
@@ -214,3 +215,21 @@ char *str;
|
||||
}
|
||||
return (runs == 4 ? inet_addr(str) : INADDR_NONE);
|
||||
}
|
||||
#endif /* HAVE_IPV6 */
|
||||
+
|
||||
+/* prefix_to_netmask - convert prefix (0-32) to netmask */
|
||||
+
|
||||
|
@ -53,10 +52,9 @@
|
|||
+
|
||||
+ return htonl(~0UL << (32 - prefix));
|
||||
+}
|
||||
+
|
||||
--- tcp_wrappers_7.6/hosts_access.c.orig 2011-04-20 16:10:25.000000000 -0600
|
||||
+++ tcp_wrappers_7.6/hosts_access.c 2011-04-20 16:21:07.000000000 -0600
|
||||
@@ -427,8 +427,11 @@ char *string;
|
||||
@@ -420,8 +420,11 @@ char *string;
|
||||
return (NO);
|
||||
if ((net = dot_quad_addr(net_tok)) == INADDR_NONE
|
||||
|| ((mask = dot_quad_addr(mask_tok)) == INADDR_NONE
|
||||
|
@ -66,6 +64,6 @@
|
|||
+ && strcmp(mask_tok, "32"))) {
|
||||
/* 255.255.255.255 == INADDR_NONE, separate check needed. TJ. */
|
||||
+ /* 32 == INADDR_NONE, separate check needed. philipp */
|
||||
#ifndef INET6
|
||||
tcpd_warn("bad net/mask expression: %s/%s", net_tok, mask_tok);
|
||||
#endif
|
||||
return (NO); /* not tcpd_jump() */
|
||||
}
|
||||
|
|
|
@ -1,28 +1,27 @@
|
|||
diff -up tcp_wrappers_7.6/socket.c.patch7 tcp_wrappers_7.6/socket.c
|
||||
--- tcp_wrappers_7.6/socket.c.patch7 1997-03-21 19:27:25.000000000 +0100
|
||||
+++ tcp_wrappers_7.6/socket.c 2008-08-29 09:45:12.000000000 +0200
|
||||
@@ -52,7 +52,8 @@ static struct hostent *gethostbyname_dot
|
||||
char *name;
|
||||
--- tcp_wrappers_7.6-ipv6.4/socket.c.patch7 1999-10-27 15:23:14.000000000 +0200
|
||||
+++ tcp_wrappers_7.6-ipv6.4/socket.c 2013-01-23 11:41:48.776857327 +0100
|
||||
@@ -54,6 +54,8 @@ int af;
|
||||
{
|
||||
char dot_name[MAXHOSTNAMELEN + 1];
|
||||
-
|
||||
|
||||
+ struct hostent *hp;
|
||||
+
|
||||
+
|
||||
/*
|
||||
* Don't append dots to unqualified names. Such names are likely to come
|
||||
* from local hosts files or from NIS.
|
||||
@@ -61,8 +62,12 @@ char *name;
|
||||
@@ -62,8 +64,13 @@ int af;
|
||||
if (strchr(name, '.') == 0 || strlen(name) >= MAXHOSTNAMELEN - 1) {
|
||||
return (gethostbyname(name));
|
||||
return (tcpd_gethostbyname(name, af));
|
||||
} else {
|
||||
- sprintf(dot_name, "%s.", name);
|
||||
- return (gethostbyname(dot_name));
|
||||
- return (tcpd_gethostbyname(dot_name, af));
|
||||
+ sprintf(dot_name, "%s.", name);
|
||||
+ hp = gethostbyname(dot_name);
|
||||
+ if (hp)
|
||||
+ return hp;
|
||||
+ else
|
||||
+ return (gethostbyname(name));
|
||||
+ hp = tcpd_gethostbyname(dot_name, af);
|
||||
+ if (hp)
|
||||
+ return hp;
|
||||
+
|
||||
+ else
|
||||
+ return tcpd_gethostbyname(name, af);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -1,37 +0,0 @@
|
|||
diff -up tcp_wrappers_7.6/rfc931.c.patch18 tcp_wrappers_7.6/rfc931.c
|
||||
--- tcp_wrappers_7.6/rfc931.c.patch18 2008-08-29 09:45:12.000000000 +0200
|
||||
+++ tcp_wrappers_7.6/rfc931.c 2008-08-29 09:45:12.000000000 +0200
|
||||
@@ -92,6 +92,8 @@ char *dest;
|
||||
char *cp;
|
||||
char *result = unknown;
|
||||
FILE *fp;
|
||||
+ unsigned saved_timeout;
|
||||
+ struct sigaction nact, oact;
|
||||
|
||||
#ifdef INET6
|
||||
/* address family must be the same */
|
||||
@@ -134,7 +136,12 @@ char *dest;
|
||||
*/
|
||||
|
||||
if (setjmp(timebuf) == 0) {
|
||||
- signal(SIGALRM, timeout);
|
||||
+ /* Save SIGALRM timer and handler. Sudheer Abdul-Salam, SUN. */
|
||||
+ saved_timeout = alarm(0);
|
||||
+ nact.sa_handler = timeout;
|
||||
+ nact.sa_flags = 0;
|
||||
+ (void) sigemptyset(&nact.sa_mask);
|
||||
+ (void) sigaction(SIGALRM, &nact, &oact);
|
||||
alarm(rfc931_timeout);
|
||||
|
||||
/*
|
||||
@@ -223,6 +230,10 @@ char *dest;
|
||||
}
|
||||
alarm(0);
|
||||
}
|
||||
+ /* Restore SIGALRM timer and handler. Sudheer Abdul-Salam, SUN. */
|
||||
+ (void) sigaction(SIGALRM, &oact, NULL);
|
||||
+ if (saved_timeout > 0)
|
||||
+ alarm(saved_timeout);
|
||||
fclose(fp);
|
||||
}
|
||||
STRN_CPY(dest, result, STRING_LENGTH);
|
|
@ -6,9 +6,9 @@ diff -up tcp_wrappers_7.6/Makefile.patch11 tcp_wrappers_7.6/Makefile
|
|||
linux:
|
||||
@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
|
||||
- LIBS="-lnsl" RANLIB=ranlib ARFLAGS=rv AUX_OBJ= \
|
||||
- NETGROUP="-DNETGROUP" TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER -DINET6=1 -Dss_family=__ss_family -Dss_len=__ss_len" all
|
||||
- NETGROUP="-DNETGROUP" TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DUSE_STRERROR -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER -Dss_family=__ss_family -Dss_len=__ss_len" all
|
||||
+ LIBS="-lnsl" RANLIB=ranlib ARFLAGS=rv AUX_OBJ=weak_symbols.o \
|
||||
+ NETGROUP="-DNETGROUP" TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -fPIC -DPIC -D_REENTRANT -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER -DINET6=1 -Dss_family=__ss_family -Dss_len=__ss_len -DHAVE_WEAKSYMS" all
|
||||
+ NETGROUP="-DNETGROUP" TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -fPIC -DPIC -D_REENTRANT -DUSE_STRERROR -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER -Dss_family=__ss_family -Dss_len=__ss_len -DHAVE_WEAKSYMS" all
|
||||
|
||||
linux-old:
|
||||
@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
|
||||
|
@ -52,30 +52,6 @@ diff -up tcp_wrappers_7.6/Makefile.patch11 tcp_wrappers_7.6/Makefile
|
|||
+weak_symbols.o: tcpd.h
|
||||
workarounds.o: cflags
|
||||
workarounds.o: tcpd.h
|
||||
diff -up tcp_wrappers_7.6/scaffold.c.patch11 tcp_wrappers_7.6/scaffold.c
|
||||
--- tcp_wrappers_7.6/scaffold.c.patch11 2008-08-29 09:45:12.000000000 +0200
|
||||
+++ tcp_wrappers_7.6/scaffold.c 2008-08-29 09:45:12.000000000 +0200
|
||||
@@ -237,10 +237,17 @@ struct request_info *request;
|
||||
|
||||
/* ARGSUSED */
|
||||
|
||||
-void rfc931(request)
|
||||
-struct request_info *request;
|
||||
+void rfc931(rmt_sin, our_sin, dest)
|
||||
+#ifndef INET6
|
||||
+struct sockaddr_in *rmt_sin;
|
||||
+struct sockaddr_in *our_sin;
|
||||
+#else
|
||||
+struct sockaddr *rmt_sin;
|
||||
+struct sockaddr *our_sin;
|
||||
+#endif
|
||||
+char *dest;
|
||||
{
|
||||
- strcpy(request->user, unknown);
|
||||
+ strcpy(dest, unknown);
|
||||
}
|
||||
|
||||
/* check_path - examine accessibility */
|
||||
diff -up tcp_wrappers_7.6/tcpd.h.patch11 tcp_wrappers_7.6/tcpd.h
|
||||
--- tcp_wrappers_7.6/tcpd.h.patch11 2008-08-29 09:45:12.000000000 +0200
|
||||
+++ tcp_wrappers_7.6/tcpd.h 2008-08-29 09:45:12.000000000 +0200
|
||||
|
@ -105,7 +81,7 @@ diff -up tcp_wrappers_7.6/tcpd.h.patch11 tcp_wrappers_7.6/tcpd.h
|
|||
/* Structure to describe one communications endpoint. */
|
||||
|
||||
#define STRING_LENGTH 128 /* hosts, users, processes */
|
||||
@@ -29,10 +48,10 @@ struct request_info {
|
||||
@@ -92,10 +111,10 @@ struct request_info {
|
||||
char pid[10]; /* access via eval_pid(request) */
|
||||
struct host_info client[1]; /* client endpoint info */
|
||||
struct host_info server[1]; /* server endpoint info */
|
||||
|
@ -120,12 +96,12 @@ diff -up tcp_wrappers_7.6/tcpd.h.patch11 tcp_wrappers_7.6/tcpd.h
|
|||
struct netconfig *config; /* netdir handle */
|
||||
};
|
||||
|
||||
@@ -65,25 +84,34 @@ extern char paranoid[];
|
||||
@@ -132,33 +151,38 @@ extern char paranoid[];
|
||||
/* Global functions. */
|
||||
|
||||
#if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT)
|
||||
-extern void fromhost(); /* get/validate client host info */
|
||||
+extern void fromhost __P((struct request_info *)); /* get/validate client host info */
|
||||
+extern void fromhost __P((struct request_info *)); /* get/validate client host info */
|
||||
#else
|
||||
#define fromhost sock_host /* no TLI support needed */
|
||||
#endif
|
||||
|
@ -139,18 +115,25 @@ diff -up tcp_wrappers_7.6/tcpd.h.patch11 tcp_wrappers_7.6/tcpd.h
|
|||
-extern char *xgets(); /* fgets() on steroids */
|
||||
-extern char *split_at(); /* strchr() and split */
|
||||
-extern unsigned long dot_quad_addr(); /* restricted inet_addr() */
|
||||
+extern void shell_cmd __P((char *)); /* execute shell command */
|
||||
+extern char *percent_x __P((char *, int, char *, struct request_info *)); /* do %<char> expansion */
|
||||
+#ifdef INET6
|
||||
+extern void rfc931 __P((struct sockaddr *, struct sockaddr *, char *)); /* client name from RFC 931 daemon */
|
||||
+#else
|
||||
+extern void rfc931 __P((struct sockaddr_in *, struct sockaddr_in *, char *)); /* client name from RFC 931 daemon */
|
||||
+#endif
|
||||
+extern void clean_exit __P((struct request_info *)); /* clean up and exit */
|
||||
+extern void refuse __P((struct request_info *)); /* clean up and exit */
|
||||
+extern char *xgets __P((char *, int, FILE *)); /* fgets() on steroids */
|
||||
+extern char *split_at __P((char *, int)); /* strchr() and split */
|
||||
+extern unsigned long dot_quad_addr __P((char *)); /* restricted inet_addr() */
|
||||
-extern int numeric_addr(); /* IP4/IP6 inet_addr (restricted) */
|
||||
-extern struct hostent *tcpd_gethostbyname();
|
||||
+extern void shell_cmd __P((char *)); /* execute shell command */
|
||||
+extern char *percent_x __P((char *, int, char *, struct request_info *)); /* do %<char> expansion */
|
||||
+extern void rfc931 __P((struct sockaddr_gen *, struct sockaddr_gen *, char *)); /* client name from RFC 931 daemon */
|
||||
+extern void clean_exit __P((struct request_info *)); /* clean up and exit */
|
||||
+extern void refuse __P((struct request_info *)); /* clean up and exit */
|
||||
+extern char *xgets __P((char *, int, FILE *)); /* fgets() on steroids */
|
||||
+extern char *split_at __P((char *, int)); /* strchr() and split */
|
||||
+extern unsigned long dot_quad_addr __P((char *)); /* restricted inet_addr() */
|
||||
+extern int numeric_addr __P((char *, union gen_addr *, int *, int *)); /* IP4/IP6 inet_addr (restricted) */
|
||||
+extern struct hostent *tcpd_gethostbyname __P((char *, int));
|
||||
/* IP4/IP6 gethostbyname */
|
||||
#ifdef HAVE_IPV6
|
||||
-extern char *skip_ipv6_addrs(); /* skip over colons in IPv6 addrs */
|
||||
+extern char *skip_ipv6_addrs __P((char *)); /* skip over colons in IPv6 addrs */
|
||||
#else
|
||||
#define skip_ipv6_addrs(x) x
|
||||
#endif
|
||||
|
||||
/* Global variables. */
|
||||
|
||||
|
@ -165,7 +148,7 @@ diff -up tcp_wrappers_7.6/tcpd.h.patch11 tcp_wrappers_7.6/tcpd.h
|
|||
extern char *hosts_allow_table; /* for verification mode redirection */
|
||||
extern char *hosts_deny_table; /* for verification mode redirection */
|
||||
extern int hosts_access_verbose; /* for verbose matching mode */
|
||||
@@ -96,9 +124,14 @@ extern int resident; /* > 0 if residen
|
||||
@@ -171,9 +195,14 @@ extern int resident; /* > 0 if residen
|
||||
*/
|
||||
|
||||
#ifdef __STDC__
|
||||
|
@ -180,7 +163,7 @@ diff -up tcp_wrappers_7.6/tcpd.h.patch11 tcp_wrappers_7.6/tcpd.h
|
|||
extern struct request_info *request_init(); /* initialize request */
|
||||
extern struct request_info *request_set(); /* update request structure */
|
||||
#endif
|
||||
@@ -121,27 +154,31 @@ extern struct request_info *request_set(
|
||||
@@ -196,27 +225,31 @@ extern struct request_info *request_set(
|
||||
* host_info structures serve as caches for the lookup results.
|
||||
*/
|
||||
|
||||
|
@ -222,7 +205,7 @@ diff -up tcp_wrappers_7.6/tcpd.h.patch11 tcp_wrappers_7.6/tcpd.h
|
|||
#endif
|
||||
|
||||
/*
|
||||
@@ -182,7 +219,7 @@ extern struct tcpd_context tcpd_context;
|
||||
@@ -257,7 +290,7 @@ extern struct tcpd_context tcpd_context;
|
||||
* behavior.
|
||||
*/
|
||||
|
||||
|
@ -231,7 +214,7 @@ diff -up tcp_wrappers_7.6/tcpd.h.patch11 tcp_wrappers_7.6/tcpd.h
|
|||
extern int dry_run; /* verification flag */
|
||||
|
||||
/* Bug workarounds. */
|
||||
@@ -221,3 +258,7 @@ extern char *fix_strtok();
|
||||
@@ -296,3 +329,7 @@ extern char *fix_strtok();
|
||||
#define strtok my_strtok
|
||||
extern char *my_strtok();
|
||||
#endif
|
||||
|
@ -254,3 +237,31 @@ diff -up /dev/null tcp_wrappers_7.6/weak_symbols.c
|
|||
+int deny_severity = LOG_WARNING;
|
||||
+int allow_severity = SEVERITY;
|
||||
+#endif
|
||||
diff -up tcp_wrappers_7.6/scaffold.c.patch11 tcp_wrappers_7.6/scaffold.c
|
||||
--- tcp_wrappers_7.6/scaffold.c.patch11 2013-01-28 11:08:48.598273563 +0100
|
||||
+++ tcp_wrappers_7.6/scaffold.c 2013-01-28 11:08:56.069316992 +0100
|
||||
@@ -25,7 +25,7 @@ static char sccs_id[] = "@(#) scaffold.c
|
||||
#define INADDR_NONE (-1) /* XXX should be 0xffffffff */
|
||||
#endif
|
||||
|
||||
-extern char *malloc();
|
||||
+extern void *malloc(size_t);
|
||||
|
||||
/* Application-specific. */
|
||||
|
||||
@@ -180,10 +180,12 @@ struct request_info *request;
|
||||
|
||||
/* ARGSUSED */
|
||||
|
||||
-void rfc931(request)
|
||||
-struct request_info *request;
|
||||
+void rfc931(rmt_sin, our_sin, dest)
|
||||
+struct sockaddr_gen *rmt_sin;
|
||||
+struct sockaddr_gen *our_sin;
|
||||
+char *dest;
|
||||
{
|
||||
- strcpy(request->user, unknown);
|
||||
+ strcpy(dest, unknown);
|
||||
}
|
||||
|
||||
/* check_path - examine accessibility */
|
||||
|
|
|
@ -1,28 +0,0 @@
|
|||
diff -up tcp_wrappers_7.6/percent_m.c.patch13 tcp_wrappers_7.6/percent_m.c
|
||||
--- tcp_wrappers_7.6/percent_m.c.patch13 1994-12-28 17:42:37.000000000 +0100
|
||||
+++ tcp_wrappers_7.6/percent_m.c 2008-08-29 09:45:12.000000000 +0200
|
||||
@@ -13,7 +13,7 @@ static char sccsid[] = "@(#) percent_m.c
|
||||
#include <string.h>
|
||||
|
||||
extern int errno;
|
||||
-#ifndef SYS_ERRLIST_DEFINED
|
||||
+#if !defined(SYS_ERRLIST_DEFINED) && !defined(HAVE_STRERROR)
|
||||
extern char *sys_errlist[];
|
||||
extern int sys_nerr;
|
||||
#endif
|
||||
@@ -29,11 +29,15 @@ char *ibuf;
|
||||
|
||||
while (*bp = *cp)
|
||||
if (*cp == '%' && cp[1] == 'm') {
|
||||
+#ifdef HAVE_STRERROR
|
||||
+ strcpy(bp, strerror(errno));
|
||||
+#else
|
||||
if (errno < sys_nerr && errno > 0) {
|
||||
strcpy(bp, sys_errlist[errno]);
|
||||
} else {
|
||||
sprintf(bp, "Unknown error %d", errno);
|
||||
}
|
||||
+#endif
|
||||
bp += strlen(bp);
|
||||
cp += 2;
|
||||
} else {
|
|
@ -0,0 +1,21 @@
|
|||
diff -up tcp_wrappers_7.6-ipv6.4/hosts_access.c.ucharpatch tcp_wrappers_7.6-ipv6.4/hosts_access.c
|
||||
--- tcp_wrappers_7.6-ipv6.4/hosts_access.c.ucharpatch 2013-01-28 10:19:20.424857730 +0100
|
||||
+++ tcp_wrappers_7.6-ipv6.4/hosts_access.c 2013-01-28 10:19:44.719991745 +0100
|
||||
@@ -514,7 +514,7 @@ static void ipv6_mask(in6p, maskbits)
|
||||
struct in6_addr *in6p;
|
||||
int maskbits;
|
||||
{
|
||||
- uchar_t *p = (uchar_t*) in6p;
|
||||
+ unsigned char *p = (unsigned char*) in6p;
|
||||
|
||||
if (maskbits < 0 || maskbits >= IPV6_ABITS)
|
||||
return;
|
||||
@@ -525,7 +525,7 @@ int maskbits;
|
||||
if (maskbits != 0)
|
||||
*p++ &= 0xff << (8 - maskbits);
|
||||
|
||||
- while (p < (((uchar_t*) in6p)) + sizeof(*in6p))
|
||||
+ while (p < (((unsigned char*) in6p)) + sizeof(*in6p))
|
||||
*p++ = 0;
|
||||
}
|
||||
#endif
|
|
@ -66,7 +66,7 @@ diff -up tcp_wrappers_7.6/fix_options.c.warnings tcp_wrappers_7.6/fix_options.c
|
|||
unsigned int opt;
|
||||
@@ -46,7 +48,7 @@ struct request_info *request;
|
||||
struct in_addr dummy;
|
||||
#ifdef INET6
|
||||
#ifdef HAVE_IPV6
|
||||
struct sockaddr_storage ss;
|
||||
- int sslen;
|
||||
+ unsigned int sslen;
|
||||
|
@ -76,15 +76,16 @@ diff -up tcp_wrappers_7.6/fix_options.c.warnings tcp_wrappers_7.6/fix_options.c
|
|||
diff -up tcp_wrappers_7.6/hosts_access.c.warnings tcp_wrappers_7.6/hosts_access.c
|
||||
--- tcp_wrappers_7.6/hosts_access.c.warnings 2011-08-16 10:29:50.233418824 +0200
|
||||
+++ tcp_wrappers_7.6/hosts_access.c 2011-08-16 10:29:51.653475947 +0200
|
||||
@@ -39,6 +39,8 @@ static char sccsid[] = "@(#) hosts_acces
|
||||
@@ -33,6 +33,9 @@ static char sccsid[] = "@(#) hosts_acces
|
||||
#include <errno.h>
|
||||
#include <setjmp.h>
|
||||
#include <string.h>
|
||||
+#include <stdlib.h>
|
||||
+#include <rpcsvc/ypclnt.h>
|
||||
#ifdef INET6
|
||||
#include <netdb.h>
|
||||
#endif
|
||||
+#include <netdb.h>
|
||||
|
||||
extern char *fgets();
|
||||
extern int errno;
|
||||
@@ -58,6 +60,8 @@ extern int errno;
|
||||
|
||||
extern jmp_buf tcpd_buf;
|
||||
|
@ -94,6 +95,23 @@ diff -up tcp_wrappers_7.6/hosts_access.c.warnings tcp_wrappers_7.6/hosts_access.
|
|||
/* Delimiters for lists of daemons or clients. */
|
||||
|
||||
static char sep[] = ", \t\r\n";
|
||||
@@ -323,14 +328,14 @@ struct host_info *host;
|
||||
hip = &host->sin->sg_sin6.sin6_addr;
|
||||
}
|
||||
|
||||
- if (cbr = strchr(tok, ']'))
|
||||
+ if ((cbr = strchr(tok, ']')))
|
||||
*cbr = '\0';
|
||||
|
||||
/*
|
||||
* A /nnn prefix specifies how many bits of the address we
|
||||
* need to check.
|
||||
*/
|
||||
- if (slash = strchr(tok, '/')) {
|
||||
+ if ((slash = strchr(tok, '/'))) {
|
||||
*slash = '\0';
|
||||
mask = atoi(slash+1);
|
||||
if (mask < 0 || mask > IPV6_ABITS) {
|
||||
diff -up tcp_wrappers_7.6/inetcf.c.warnings tcp_wrappers_7.6/inetcf.c
|
||||
--- tcp_wrappers_7.6/inetcf.c.warnings 2011-08-16 10:29:48.117418621 +0200
|
||||
+++ tcp_wrappers_7.6/inetcf.c 2011-08-16 10:29:51.752605633 +0200
|
||||
|
@ -309,8 +327,8 @@ diff -up tcp_wrappers_7.6/percent_m.c.warnings tcp_wrappers_7.6/percent_m.c
|
|||
- while (*bp = *cp)
|
||||
+ while ((*bp = *cp))
|
||||
if (*cp == '%' && cp[1] == 'm') {
|
||||
#ifdef HAVE_STRERROR
|
||||
strcpy(bp, strerror(errno));
|
||||
#ifdef USE_STRERROR
|
||||
strcpy(bp, strerror(errno));
|
||||
diff -up tcp_wrappers_7.6/percent_x.c.warnings tcp_wrappers_7.6/percent_x.c
|
||||
--- tcp_wrappers_7.6/percent_x.c.warnings 1994-12-28 17:42:38.000000000 +0100
|
||||
+++ tcp_wrappers_7.6/percent_x.c 2011-08-16 10:29:52.116485510 +0200
|
||||
|
@ -341,7 +359,7 @@ diff -up tcp_wrappers_7.6/rfc931.c.warnings tcp_wrappers_7.6/rfc931.c
|
|||
+ unsigned saved_timeout = 0;
|
||||
struct sigaction nact, oact;
|
||||
|
||||
#ifdef INET6
|
||||
/*
|
||||
@@ -223,7 +224,7 @@ char *dest;
|
||||
* protocol, not part of the data.
|
||||
*/
|
||||
|
@ -397,43 +415,24 @@ diff -up tcp_wrappers_7.6/scaffold.c.warnings tcp_wrappers_7.6/scaffold.c
|
|||
|
||||
#ifndef INADDR_NONE
|
||||
#define INADDR_NONE (-1) /* XXX should be 0xffffffff */
|
||||
@@ -174,7 +176,9 @@ char *host;
|
||||
struct hostent *hp;
|
||||
#endif
|
||||
int count;
|
||||
+#ifndef INET6
|
||||
char *addr;
|
||||
+#endif
|
||||
|
||||
if ((hp = find_inet_addr(host)) == 0)
|
||||
return (0);
|
||||
diff -up tcp_wrappers_7.6/socket.c.warnings tcp_wrappers_7.6/socket.c
|
||||
--- tcp_wrappers_7.6/socket.c.warnings 2011-08-16 10:29:48.319483715 +0200
|
||||
+++ tcp_wrappers_7.6/socket.c 2011-08-16 10:29:52.630463906 +0200
|
||||
@@ -95,7 +95,7 @@ struct request_info *request;
|
||||
static struct sockaddr_in client;
|
||||
static struct sockaddr_in server;
|
||||
#endif
|
||||
@@ -84,7 +84,7 @@ struct request_info *request;
|
||||
{
|
||||
static struct sockaddr_gen client;
|
||||
static struct sockaddr_gen server;
|
||||
- int len;
|
||||
+ unsigned len;
|
||||
char buf[BUFSIZ];
|
||||
int fd = request->fd;
|
||||
|
||||
@@ -228,7 +228,7 @@ struct host_info *host;
|
||||
struct sockaddr *sin = host->sin;
|
||||
struct sockaddr_in sin4;
|
||||
struct addrinfo hints, *res, *res0 = NULL;
|
||||
- int salen, alen, err = 1;
|
||||
+ int salen, alen = 0, err = 1;
|
||||
char *ap = NULL, *rap, hname[NI_MAXHOST];
|
||||
|
||||
if (sin != NULL) {
|
||||
@@ -471,7 +471,7 @@ int fd;
|
||||
#else
|
||||
@@ -293,7 +293,7 @@ int fd;
|
||||
{
|
||||
char buf[BUFSIZ];
|
||||
struct sockaddr_in sin;
|
||||
#endif
|
||||
- int size = sizeof(sin);
|
||||
+ unsigned int size = sizeof(sin);
|
||||
+ unsigned size = sizeof(sin);
|
||||
|
||||
/*
|
||||
* Eat up the not-yet received datagram. Some systems insist on a
|
||||
|
@ -464,7 +463,7 @@ diff -up tcp_wrappers_7.6/tcpd.c.warnings tcp_wrappers_7.6/tcpd.c
|
|||
diff -up tcp_wrappers_7.6/tcpdchk.c.warnings tcp_wrappers_7.6/tcpdchk.c
|
||||
--- tcp_wrappers_7.6/tcpdchk.c.warnings 2011-08-16 10:29:45.552501988 +0200
|
||||
+++ tcp_wrappers_7.6/tcpdchk.c 2011-08-16 10:47:12.440605857 +0200
|
||||
@@ -33,6 +33,8 @@ static char sccsid[] = "@(#) tcpdchk.c 1
|
||||
@@ -30,6 +30,8 @@ static char sccsid[] = "@(#) tcpdchk.c 1
|
||||
#include <errno.h>
|
||||
#include <netdb.h>
|
||||
#include <string.h>
|
||||
|
@ -473,7 +472,7 @@ diff -up tcp_wrappers_7.6/tcpdchk.c.warnings tcp_wrappers_7.6/tcpdchk.c
|
|||
|
||||
extern int errno;
|
||||
extern void exit();
|
||||
@@ -202,13 +204,15 @@ struct request_info *request;
|
||||
@@ -199,13 +201,15 @@ struct request_info *request;
|
||||
char sv_list[BUFLEN]; /* becomes list of daemons */
|
||||
char *cl_list; /* becomes list of requests */
|
||||
char *sh_cmd; /* becomes optional shell command */
|
||||
|
@ -490,7 +489,7 @@ diff -up tcp_wrappers_7.6/tcpdchk.c.warnings tcp_wrappers_7.6/tcpdchk.c
|
|||
tcpd_context.file = table;
|
||||
tcpd_context.line = 0;
|
||||
while (xgets(sv_list, sizeof(sv_list), fp)) {
|
||||
@@ -334,7 +338,7 @@ char *list;
|
||||
@@ -331,7 +335,7 @@ char *list;
|
||||
clients = 0;
|
||||
} else {
|
||||
clients++;
|
||||
|
@ -499,15 +498,15 @@ diff -up tcp_wrappers_7.6/tcpdchk.c.warnings tcp_wrappers_7.6/tcpdchk.c
|
|||
check_user(cp);
|
||||
check_host(host);
|
||||
} else {
|
||||
@@ -450,7 +454,7 @@ char *pat;
|
||||
tcpd_warn("netgroup support disabled");
|
||||
#endif
|
||||
@@ -446,7 +450,7 @@ char *pat;
|
||||
if (err)
|
||||
tcpd_warn("bad IP6 address specification: %s", pat);
|
||||
#endif
|
||||
- } else if (mask = split_at(pat, '/')) { /* network/netmask */
|
||||
+ } else if ((mask = split_at(pat, '/'))) { /* network/netmask */
|
||||
#ifdef INET6
|
||||
int mask_len;
|
||||
|
||||
if (dot_quad_addr(pat) == INADDR_NONE
|
||||
|| dot_quad_addr(mask) == INADDR_NONE)
|
||||
tcpd_warn("%s/%s: bad net/mask pattern", pat, mask);
|
||||
diff -up tcp_wrappers_7.6/tcpdmatch.c.warnings tcp_wrappers_7.6/tcpdmatch.c
|
||||
--- tcp_wrappers_7.6/tcpdmatch.c.warnings 2011-08-16 10:29:49.531427106 +0200
|
||||
+++ tcp_wrappers_7.6/tcpdmatch.c 2011-08-16 10:29:52.968605853 +0200
|
||||
|
@ -519,16 +518,6 @@ diff -up tcp_wrappers_7.6/tcpdmatch.c.warnings tcp_wrappers_7.6/tcpdmatch.c
|
|||
|
||||
extern void exit();
|
||||
extern int optind;
|
||||
@@ -65,7 +66,9 @@ char **argv;
|
||||
char *myname = argv[0];
|
||||
char *client;
|
||||
char *server;
|
||||
+#ifndef INET6
|
||||
char *addr;
|
||||
+#endif
|
||||
char *user;
|
||||
char *daemon;
|
||||
struct request_info request;
|
||||
diff -up tcp_wrappers_7.6/try-from.c.warnings tcp_wrappers_7.6/try-from.c
|
||||
--- tcp_wrappers_7.6/try-from.c.warnings 1994-12-28 17:42:55.000000000 +0100
|
||||
+++ tcp_wrappers_7.6/try-from.c 2011-08-16 10:29:53.095607440 +0200
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
Summary: A security tool which acts as a wrapper for TCP daemons
|
||||
Name: tcp_wrappers
|
||||
Version: 7.6
|
||||
Release: 70%{?dist}
|
||||
Release: 71%{?dist}
|
||||
|
||||
%define LIB_MAJOR 0
|
||||
%define LIB_MINOR 7
|
||||
|
@ -9,7 +9,7 @@ Release: 70%{?dist}
|
|||
|
||||
License: BSD
|
||||
Group: System Environment/Daemons
|
||||
Source: ftp://ftp.porcupine.org/pub/security/%{name}_%{version}.tar.gz
|
||||
Source: ftp://ftp.porcupine.org/pub/security/%{name}_%{version}-ipv6.4.tar.gz
|
||||
URL: ftp://ftp.porcupine.org/pub/security/index.html
|
||||
Patch0: tcpw7.2-config.patch
|
||||
Patch1: tcpw7.2-setenv.patch
|
||||
|
@ -21,15 +21,12 @@ Patch6: tcp_wrappers-7.6-fixgethostbyname.patch
|
|||
Patch7: tcp_wrappers-7.6-docu.patch
|
||||
Patch8: tcp_wrappers-7.6-man.patch
|
||||
Patch9: tcp_wrappers.usagi-ipv6.patch
|
||||
Patch10: tcp_wrappers.ume-ipv6.patch
|
||||
Patch11: tcp_wrappers-7.6-shared.patch
|
||||
Patch12: tcp_wrappers-7.6-sig.patch
|
||||
Patch13: tcp_wrappers-7.6-strerror.patch
|
||||
Patch14: tcp_wrappers-7.6-ldflags.patch
|
||||
Patch15: tcp_wrappers-7.6-fix_sig-bug141110.patch
|
||||
Patch16: tcp_wrappers-7.6-162412.patch
|
||||
Patch17: tcp_wrappers-7.6-220015.patch
|
||||
Patch18: tcp_wrappers-7.6-restore_sigalarm.patch
|
||||
Patch19: tcp_wrappers-7.6-siglongjmp.patch
|
||||
Patch20: tcp_wrappers-7.6-sigchld.patch
|
||||
Patch21: tcp_wrappers-7.6-196326.patch
|
||||
|
@ -40,6 +37,8 @@ Patch25: tcp_wrappers-7.6-relro.patch
|
|||
Patch26: tcp_wrappers-7.6-xgets.patch
|
||||
Patch27: tcp_wrappers-7.6-initgroups.patch
|
||||
Patch28: tcp_wrappers-7.6-warnings.patch
|
||||
Patch29: tcp_wrappers-7.6-uchart_fix.patch
|
||||
Patch30: tcp_wrappers-7.6-altformat.patch
|
||||
# required by sin_scope_id in ipv6 patch
|
||||
BuildRequires: glibc-devel >= 2.2
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||
|
@ -72,7 +71,7 @@ tcp_wrappers-devel contains the libraries and header files needed to
|
|||
develop applications with tcp_wrappers support.
|
||||
|
||||
%prep
|
||||
%setup -q -n %{name}_%{version}
|
||||
%setup -q -n %{name}_%{version}-ipv6.4
|
||||
%patch0 -p1 -b .config
|
||||
%patch1 -p1 -b .setenv
|
||||
%patch2 -p1 -b .netgroup
|
||||
|
@ -83,15 +82,12 @@ develop applications with tcp_wrappers support.
|
|||
%patch7 -p1 -b .docu
|
||||
%patch8 -p1 -b .man
|
||||
%patch9 -p1 -b .usagi-ipv6
|
||||
%patch10 -p1 -b .ume-ipv6
|
||||
%patch11 -p1 -b .shared
|
||||
%patch12 -p1 -b .sig
|
||||
%patch13 -p1 -b .strerror
|
||||
%patch14 -p1 -b .cflags
|
||||
%patch15 -p1 -b .fix_sig
|
||||
%patch16 -p1 -b .162412
|
||||
%patch17 -p1 -b .220015
|
||||
%patch18 -p1 -b .restore_sigalarm
|
||||
%patch19 -p1 -b .siglongjmp
|
||||
%patch20 -p1 -b .sigchld
|
||||
%patch21 -p1 -b .196326
|
||||
|
@ -102,6 +98,8 @@ develop applications with tcp_wrappers support.
|
|||
%patch26 -p1 -b .xgets
|
||||
%patch27 -p1 -b .initgroups
|
||||
%patch28 -p1 -b .warnings
|
||||
%patch29 -p1 -b .uchart_fix
|
||||
%patch30 -p1 -b .altformat
|
||||
|
||||
%build
|
||||
make RPM_OPT_FLAGS="$RPM_OPT_FLAGS -fPIC -DPIC -D_REENTRANT -DHAVE_STRERROR" LDFLAGS="-pie" MAJOR=%{LIB_MAJOR} MINOR=%{LIB_MINOR} REL=%{LIB_REL} linux
|
||||
|
@ -159,6 +157,9 @@ rm -rf ${RPM_BUILD_ROOT}
|
|||
%{_mandir}/man3/*
|
||||
|
||||
%changelog
|
||||
* Mon Jan 28 2013 Viktor Hercinger <vhercing@redhat.com> - 7.6-71
|
||||
- Updated to version with upstream IPv6 support
|
||||
|
||||
* Sat Jul 21 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 7.6-70
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
|
||||
|
||||
|
|
|
@ -1,45 +0,0 @@
|
|||
diff -up tcp_wrappers_7.6/hosts_access.c.patch10 tcp_wrappers_7.6/hosts_access.c
|
||||
--- tcp_wrappers_7.6/hosts_access.c.patch10 2008-08-29 09:45:12.000000000 +0200
|
||||
+++ tcp_wrappers_7.6/hosts_access.c 2008-08-29 09:45:12.000000000 +0200
|
||||
@@ -443,6 +443,15 @@ char *string;
|
||||
int len, mask_len, i = 0;
|
||||
char ch;
|
||||
|
||||
+ /*
|
||||
+ * Behavior of getaddrinfo() against IPv4-mapped IPv6 address is
|
||||
+ * different between KAME and Solaris8. While KAME returns
|
||||
+ * AF_INET6, Solaris8 returns AF_INET. So, we avoid this here.
|
||||
+ */
|
||||
+ if (STRN_EQ(string, "::ffff:", 7)
|
||||
+ && dot_quad_addr(string + 7) != INADDR_NONE)
|
||||
+ return (masked_match4(net_tok, mask_tok, string + 7));
|
||||
+
|
||||
memset(&hints, 0, sizeof(hints));
|
||||
hints.ai_family = AF_INET6;
|
||||
hints.ai_socktype = SOCK_STREAM;
|
||||
@@ -452,13 +461,6 @@ char *string;
|
||||
memcpy(&addr, res->ai_addr, sizeof(addr));
|
||||
freeaddrinfo(res);
|
||||
|
||||
- if (IN6_IS_ADDR_V4MAPPED(&addr.sin6_addr)) {
|
||||
- if ((*(u_int32_t *)&net.sin6_addr.s6_addr[12] = dot_quad_addr(net_tok)) == INADDR_NONE
|
||||
- || (mask = dot_quad_addr(mask_tok)) == INADDR_NONE)
|
||||
- return (NO);
|
||||
- return ((*(u_int32_t *)&addr.sin6_addr.s6_addr[12] & mask) == *(u_int32_t *)&net.sin6_addr.s6_addr[12]);
|
||||
- }
|
||||
-
|
||||
/* match IPv6 address against netnumber/prefixlen */
|
||||
len = strlen(net_tok);
|
||||
if (*net_tok != '[' || net_tok[len - 1] != ']')
|
||||
diff -up tcp_wrappers_7.6/socket.c.patch10 tcp_wrappers_7.6/socket.c
|
||||
--- tcp_wrappers_7.6/socket.c.patch10 2008-08-29 09:45:12.000000000 +0200
|
||||
+++ tcp_wrappers_7.6/socket.c 2008-08-29 09:45:12.000000000 +0200
|
||||
@@ -228,7 +228,7 @@ struct host_info *host;
|
||||
hints.ai_family = sin->sa_family;
|
||||
hints.ai_socktype = SOCK_STREAM;
|
||||
hints.ai_flags = AI_PASSIVE | AI_CANONNAME | AI_NUMERICHOST;
|
||||
- if ((err = getaddrinfo(host->name, NULL, &hints, &res0) == 0)) {
|
||||
+ if ((err = getaddrinfo(host->name, NULL, &hints, &res0)) == 0) {
|
||||
freeaddrinfo(res0);
|
||||
res0 = NULL;
|
||||
tcpd_warn("host name/name mismatch: "
|
File diff suppressed because it is too large
Load Diff
|
@ -1,7 +1,7 @@
|
|||
diff -up tcp_wrappers_7.6/hosts_access.c.patch22 tcp_wrappers_7.6/hosts_access.c
|
||||
--- tcp_wrappers_7.6/hosts_access.c.patch22 2008-08-29 09:45:12.000000000 +0200
|
||||
+++ tcp_wrappers_7.6/hosts_access.c 2008-08-29 09:45:12.000000000 +0200
|
||||
@@ -426,7 +426,9 @@ char *string;
|
||||
@@ -419,7 +419,9 @@ char *string;
|
||||
if ((addr = dot_quad_addr(string)) == INADDR_NONE)
|
||||
return (NO);
|
||||
if ((net = dot_quad_addr(net_tok)) == INADDR_NONE
|
||||
|
@ -9,6 +9,6 @@ diff -up tcp_wrappers_7.6/hosts_access.c.patch22 tcp_wrappers_7.6/hosts_access.c
|
|||
+ || ((mask = dot_quad_addr(mask_tok)) == INADDR_NONE
|
||||
+ && strcmp(mask_tok, "255.255.255.255"))) {
|
||||
+ /* 255.255.255.255 == INADDR_NONE, separate check needed. TJ. */
|
||||
#ifndef INET6
|
||||
tcpd_warn("bad net/mask expression: %s/%s", net_tok, mask_tok);
|
||||
#endif
|
||||
return (NO); /* not tcpd_jump() */
|
||||
}
|
||||
|
|
|
@ -14,8 +14,8 @@ diff -up tcp_wrappers_7.6/Makefile.patch1 tcp_wrappers_7.6/Makefile
|
|||
linux:
|
||||
@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
|
||||
LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o \
|
||||
- NETGROUP= TLI= EXTRA_CFLAGS="-DBROKEN_SO_LINGER" all
|
||||
+ NETGROUP= TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER" all
|
||||
- NETGROUP= TLI= EXTRA_CFLAGS="-DBROKEN_SO_LINGER -DUSE_STRERROR" all
|
||||
+ NETGROUP= TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DUSE_STRERROR -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER" all
|
||||
|
||||
# This is good for many SYSV+BSD hybrids with NIS, probably also for HP-UX 7.x.
|
||||
hpux hpux8 hpux9 hpux10:
|
||||
|
|
|
@ -7,6 +7,6 @@ diff -up tcp_wrappers_7.6/Makefile.patch2 tcp_wrappers_7.6/Makefile
|
|||
@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
|
||||
- LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o \
|
||||
+ LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ= \
|
||||
NETGROUP= TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER" all
|
||||
NETGROUP= TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DUSE_STRERROR -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER" all
|
||||
|
||||
# This is good for many SYSV+BSD hybrids with NIS, probably also for HP-UX 7.x.
|
||||
|
|
|
@ -6,9 +6,9 @@ diff -up tcp_wrappers_7.6/Makefile.patch3 tcp_wrappers_7.6/Makefile
|
|||
linux:
|
||||
@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
|
||||
- LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ= \
|
||||
- NETGROUP= TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER" all
|
||||
- NETGROUP= TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DUSE_STRERROR -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER" all
|
||||
+ LIBS="-lnsl" RANLIB=ranlib ARFLAGS=rv AUX_OBJ= \
|
||||
+ NETGROUP="-DNETGROUP" TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER" all
|
||||
+ NETGROUP="-DNETGROUP" TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DUSE_STRERROR -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER" all
|
||||
|
||||
# This is good for many SYSV+BSD hybrids with NIS, probably also for HP-UX 7.x.
|
||||
hpux hpux8 hpux9 hpux10:
|
||||
|
|
Loading…
Reference in New Issue