From cf076b1867b6310182b72007111dfb89612eedcf Mon Sep 17 00:00:00 2001 From: Viktor Hercinger Date: Mon, 28 Jan 2013 13:51:32 +0100 Subject: [PATCH] updated to upstream ipv6 support --- .gitignore | 1 + sources | 2 +- tcp_wrappers-7.6-196326.patch | 6 +- tcp_wrappers-7.6-220015.patch | 4 +- tcp_wrappers-7.6-altformat.patch | 37 + tcp_wrappers-7.6-bug17847.patch | 21 +- tcp_wrappers-7.6-bug698464.patch | 36 +- tcp_wrappers-7.6-fixgethostbyname.patch | 29 +- tcp_wrappers-7.6-restore_sigalarm.patch | 37 - tcp_wrappers-7.6-shared.patch | 101 +- tcp_wrappers-7.6-strerror.patch | 28 - tcp_wrappers-7.6-uchart_fix.patch | 21 + tcp_wrappers-7.6-warnings.patch | 97 +- tcp_wrappers.spec | 19 +- tcp_wrappers.ume-ipv6.patch | 45 - tcp_wrappers.usagi-ipv6.patch | 1114 +---------------------- tcp_wrappers_7.6-249430.patch | 6 +- tcpw7.2-config.patch | 4 +- tcpw7.2-setenv.patch | 2 +- tcpw7.6-netgroup.patch | 4 +- 20 files changed, 271 insertions(+), 1343 deletions(-) create mode 100644 tcp_wrappers-7.6-altformat.patch delete mode 100644 tcp_wrappers-7.6-restore_sigalarm.patch delete mode 100644 tcp_wrappers-7.6-strerror.patch create mode 100644 tcp_wrappers-7.6-uchart_fix.patch delete mode 100644 tcp_wrappers.ume-ipv6.patch diff --git a/.gitignore b/.gitignore index 59e6073..7aa1a93 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ tcp_wrappers_7.6.tar.gz +tcp_wrappers_7.6-ipv6.4.tar.gz diff --git a/sources b/sources index 7c11142..f6a0180 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -e6fa25f71226d090f34de3f6b122fb5a tcp_wrappers_7.6.tar.gz +ccbc2676977c31bbd43783abfbf2fdcf tcp_wrappers_7.6-ipv6.4.tar.gz diff --git a/tcp_wrappers-7.6-196326.patch b/tcp_wrappers-7.6-196326.patch index 78fdb9d..bd98250 100644 --- a/tcp_wrappers-7.6-196326.patch +++ b/tcp_wrappers-7.6-196326.patch @@ -1,7 +1,7 @@ diff -up tcp_wrappers_7.6/hosts_access.c.patch21 tcp_wrappers_7.6/hosts_access.c --- tcp_wrappers_7.6/hosts_access.c.patch21 2008-08-29 09:45:12.000000000 +0200 +++ tcp_wrappers_7.6/hosts_access.c 2008-08-29 09:45:12.000000000 +0200 -@@ -346,6 +346,9 @@ char *string; +@@ -391,6 +391,9 @@ char *string; return (STR_NE(string, unknown)); } else if (tok[(n = strlen(tok)) - 1] == '.') { /* prefix */ return (STRN_EQ(tok, string, n)); @@ -9,5 +9,5 @@ diff -up tcp_wrappers_7.6/hosts_access.c.patch21 tcp_wrappers_7.6/hosts_access.c + && (STR_EQ(string, "localhost") || STR_EQ(string, "localhost.localdomain"))) { + return (YES); /* these localhosts are equivalent */ } else { /* exact match */ - #ifdef INET6 - struct addrinfo hints, *res; + return (STR_EQ(tok, string)); + } diff --git a/tcp_wrappers-7.6-220015.patch b/tcp_wrappers-7.6-220015.patch index a0ff835..77f5d07 100644 --- a/tcp_wrappers-7.6-220015.patch +++ b/tcp_wrappers-7.6-220015.patch @@ -23,8 +23,8 @@ diff -up tcp_wrappers_7.6/hosts_ctl.c.patch17 tcp_wrappers_7.6/hosts_ctl.c diff -up tcp_wrappers_7.6/socket.c.patch17 tcp_wrappers_7.6/socket.c --- tcp_wrappers_7.6/socket.c.patch17 2008-08-29 09:45:12.000000000 +0200 +++ tcp_wrappers_7.6/socket.c 2008-08-29 09:45:12.000000000 +0200 -@@ -147,6 +147,51 @@ struct request_info *request; - #endif +@@ -130,6 +130,51 @@ struct request_info *request; + request->server->sin = &server; } +/* sock_hostnofd - look up endpoint addresses and install conversion methods */ diff --git a/tcp_wrappers-7.6-altformat.patch b/tcp_wrappers-7.6-altformat.patch new file mode 100644 index 0000000..ccf668d --- /dev/null +++ b/tcp_wrappers-7.6-altformat.patch @@ -0,0 +1,37 @@ +diff -up tcp_wrappers_7.6-ipv6.4/hosts_access.c.altformat tcp_wrappers_7.6-ipv6.4/hosts_access.c +--- tcp_wrappers_7.6-ipv6.4/hosts_access.c.altformat 2013-01-28 13:22:09.986535601 +0100 ++++ tcp_wrappers_7.6-ipv6.4/hosts_access.c 2013-01-28 13:42:12.142650817 +0100 +@@ -333,9 +333,9 @@ struct host_info *host; + + /* + * A /nnn prefix specifies how many bits of the address we +- * need to check. ++ * need to check. + */ +- if ((slash = strchr(tok, '/'))) { ++ if ((slash = strchr(tok, '/')) || (slash = strchr(cbr+1, '/'))) { + *slash = '\0'; + mask = atoi(slash+1); + if (mask < 0 || mask > IPV6_ABITS) { +@@ -349,6 +349,8 @@ struct host_info *host; + } + } + ++ printf("IPv6 addr/mask: %s/%s\n", tok+1, slash+1); ++ + if (cbr == NULL || inet_pton(AF_INET6, tok+1, &in6) != 1) { + tcpd_warn("bad IP6 address specification"); + return (NO); +diff -up tcp_wrappers_7.6-ipv6.4/tcpdchk.c.altformat tcp_wrappers_7.6-ipv6.4/tcpdchk.c +--- tcp_wrappers_7.6-ipv6.4/tcpdchk.c.altformat 2013-01-28 13:44:44.786549981 +0100 ++++ tcp_wrappers_7.6-ipv6.4/tcpdchk.c 2013-01-28 13:44:58.419629764 +0100 +@@ -434,6 +434,9 @@ char *pat; + int err = 0; + int mask = IPV6_ABITS; + ++ if (!slash) ++ slash = strchr(cbr+1, '/'); ++ + if (slash != NULL) { + *slash = '\0'; + mask = atoi(slash + 1); diff --git a/tcp_wrappers-7.6-bug17847.patch b/tcp_wrappers-7.6-bug17847.patch index b153282..eede2e7 100644 --- a/tcp_wrappers-7.6-bug17847.patch +++ b/tcp_wrappers-7.6-bug17847.patch @@ -1,6 +1,5 @@ -diff -up tcp_wrappers_7.6/hosts_access.5.patch6 tcp_wrappers_7.6/hosts_access.5 ---- tcp_wrappers_7.6/hosts_access.5.patch6 2008-08-29 09:45:12.000000000 +0200 -+++ tcp_wrappers_7.6/hosts_access.5 2008-08-29 09:45:12.000000000 +0200 +--- tcp_wrappers_7.6/hosts_access.5.patch6 2013-01-23 11:10:00.545081410 +0100 ++++ tcp_wrappers_7.6/hosts_access.5 2013-01-23 11:10:00.549081436 +0100 @@ -96,6 +96,10 @@ or address pattern listed in the named f zero or more lines with zero or more host name or address patterns separated by whitespace. A file name pattern can be used anywhere @@ -12,10 +11,9 @@ diff -up tcp_wrappers_7.6/hosts_access.5.patch6 tcp_wrappers_7.6/hosts_access.5 .SH WILDCARDS The access control language supports explicit wildcards: .IP ALL -diff -up tcp_wrappers_7.6/hosts_access.c.patch6 tcp_wrappers_7.6/hosts_access.c ---- tcp_wrappers_7.6/hosts_access.c.patch6 2008-08-29 09:45:12.000000000 +0200 -+++ tcp_wrappers_7.6/hosts_access.c 2008-08-29 09:45:12.000000000 +0200 -@@ -311,6 +311,11 @@ char *string; +--- tcp_wrappers_7.6/hosts_access.c.patch6 2013-01-23 11:10:00.546081416 +0100 ++++ tcp_wrappers_7.6/hosts_access.c 2013-01-23 11:12:28.519925230 +0100 +@@ -376,6 +376,11 @@ char *string; { int n; @@ -27,11 +25,10 @@ diff -up tcp_wrappers_7.6/hosts_access.c.patch6 tcp_wrappers_7.6/hosts_access.c if (tok[0] == '.') { /* suffix */ n = strlen(string) - strlen(tok); return (n > 0 && STR_EQ(tok, string + n)); -@@ -351,3 +356,71 @@ char *string; - } +@@ -417,6 +422,74 @@ char *string; return ((addr & mask) == net); } -+ + +#ifndef DISABLE_WILDCARD_MATCHING +/* Note: this feature has been adapted in a pretty straightforward way + from Tatu Ylonen's last SSH version under free license by @@ -99,3 +96,7 @@ diff -up tcp_wrappers_7.6/hosts_access.c.patch6 tcp_wrappers_7.6/hosts_access.c + /*NOTREACHED*/ +} +#endif /* DISABLE_WILDCARD_MATCHING */ ++ + #ifdef HAVE_IPV6 + /* + * Function that zeros all but the first "maskbits" bits of the IPV6 address diff --git a/tcp_wrappers-7.6-bug698464.patch b/tcp_wrappers-7.6-bug698464.patch index 483a119..2b3bfb8 100644 --- a/tcp_wrappers-7.6-bug698464.patch +++ b/tcp_wrappers-7.6-bug698464.patch @@ -7,34 +7,33 @@ +An expression of the form `n.n.n.n/m\' is interpreted as a +`net/prefixlen\' pair, as below, for IPv4 addresses. +.IP \(bu - An expression of the form `[n:n:n:n:n:n:n:n]/m\' is interpreted as a - `[net]/prefixlen\' pair. An IPv6 host address is matched if + An expression of the form `[n:n:n:n:n:n:n:n/m]\' is interpreted as a + `[net/prefixlen]\' pair. An IPv6 host address is matched if `prefixlen\' bits of `net\' is equal to the `prefixlen\' bits of the --- tcp_wrappers_7.6/tcpd.h.orig 2011-04-20 16:10:25.000000000 -0600 +++ tcp_wrappers_7.6/tcpd.h 2011-04-20 16:11:56.000000000 -0600 -@@ -101,6 +101,7 @@ extern void refuse __P((struct request_i - extern char *xgets __P((char *, int, FILE *)); /* fgets() on steroids */ - extern char *split_at __P((char *, int)); /* strchr() and split */ - extern unsigned long dot_quad_addr __P((char *)); /* restricted inet_addr() */ +@@ -164,6 +164,7 @@ extern void refuse __P((struct request_i + extern char *xgets __P((char *, int, FILE *)); /* fgets() on steroids */ + extern char *split_at __P((char *, int)); /* strchr() and split */ + extern unsigned long dot_quad_addr __P((char *)); /* restricted inet_addr() */ +extern unsigned long prefix_to_netmask __P((char *)); /* 0-32 prefix length */ - - /* Global variables. */ - + extern int numeric_addr __P((char *, union gen_addr *, int *, int *)); /* IP4/IP6 inet_addr (restricted) */ + extern struct hostent *tcpd_gethostbyname __P((char *, int)); + /* IP4/IP6 gethostbyname */ --- tcp_wrappers_7.6/misc.c.orig 2011-04-20 16:10:25.000000000 -0600 +++ tcp_wrappers_7.6/misc.c 2011-04-20 16:13:39.000000000 -0600 -@@ -14,6 +14,8 @@ - #include - #include +@@ -16,6 +16,7 @@ static char sccsic[] = "@(#) misc.c 1.2 #include -+#include + #include + #include +#include #include "tcpd.h" -@@ -107,3 +107,22 @@ char *str; +@@ -214,3 +215,21 @@ char *str; } - return (runs == 4 ? inet_addr(str) : INADDR_NONE); } + #endif /* HAVE_IPV6 */ + +/* prefix_to_netmask - convert prefix (0-32) to netmask */ + @@ -53,10 +52,9 @@ + + return htonl(~0UL << (32 - prefix)); +} -+ --- tcp_wrappers_7.6/hosts_access.c.orig 2011-04-20 16:10:25.000000000 -0600 +++ tcp_wrappers_7.6/hosts_access.c 2011-04-20 16:21:07.000000000 -0600 -@@ -427,8 +427,11 @@ char *string; +@@ -420,8 +420,11 @@ char *string; return (NO); if ((net = dot_quad_addr(net_tok)) == INADDR_NONE || ((mask = dot_quad_addr(mask_tok)) == INADDR_NONE @@ -66,6 +64,6 @@ + && strcmp(mask_tok, "32"))) { /* 255.255.255.255 == INADDR_NONE, separate check needed. TJ. */ + /* 32 == INADDR_NONE, separate check needed. philipp */ - #ifndef INET6 tcpd_warn("bad net/mask expression: %s/%s", net_tok, mask_tok); - #endif + return (NO); /* not tcpd_jump() */ + } diff --git a/tcp_wrappers-7.6-fixgethostbyname.patch b/tcp_wrappers-7.6-fixgethostbyname.patch index 5dd8178..efb4ebe 100644 --- a/tcp_wrappers-7.6-fixgethostbyname.patch +++ b/tcp_wrappers-7.6-fixgethostbyname.patch @@ -1,28 +1,27 @@ -diff -up tcp_wrappers_7.6/socket.c.patch7 tcp_wrappers_7.6/socket.c ---- tcp_wrappers_7.6/socket.c.patch7 1997-03-21 19:27:25.000000000 +0100 -+++ tcp_wrappers_7.6/socket.c 2008-08-29 09:45:12.000000000 +0200 -@@ -52,7 +52,8 @@ static struct hostent *gethostbyname_dot - char *name; +--- tcp_wrappers_7.6-ipv6.4/socket.c.patch7 1999-10-27 15:23:14.000000000 +0200 ++++ tcp_wrappers_7.6-ipv6.4/socket.c 2013-01-23 11:41:48.776857327 +0100 +@@ -54,6 +54,8 @@ int af; { char dot_name[MAXHOSTNAMELEN + 1]; -- + + struct hostent *hp; -+ ++ /* * Don't append dots to unqualified names. Such names are likely to come * from local hosts files or from NIS. -@@ -61,8 +62,12 @@ char *name; +@@ -62,8 +64,13 @@ int af; if (strchr(name, '.') == 0 || strlen(name) >= MAXHOSTNAMELEN - 1) { - return (gethostbyname(name)); + return (tcpd_gethostbyname(name, af)); } else { - sprintf(dot_name, "%s.", name); -- return (gethostbyname(dot_name)); +- return (tcpd_gethostbyname(dot_name, af)); + sprintf(dot_name, "%s.", name); -+ hp = gethostbyname(dot_name); -+ if (hp) -+ return hp; -+ else -+ return (gethostbyname(name)); ++ hp = tcpd_gethostbyname(dot_name, af); ++ if (hp) ++ return hp; ++ ++ else ++ return tcpd_gethostbyname(name, af); } } diff --git a/tcp_wrappers-7.6-restore_sigalarm.patch b/tcp_wrappers-7.6-restore_sigalarm.patch deleted file mode 100644 index a4b3a5d..0000000 --- a/tcp_wrappers-7.6-restore_sigalarm.patch +++ /dev/null @@ -1,37 +0,0 @@ -diff -up tcp_wrappers_7.6/rfc931.c.patch18 tcp_wrappers_7.6/rfc931.c ---- tcp_wrappers_7.6/rfc931.c.patch18 2008-08-29 09:45:12.000000000 +0200 -+++ tcp_wrappers_7.6/rfc931.c 2008-08-29 09:45:12.000000000 +0200 -@@ -92,6 +92,8 @@ char *dest; - char *cp; - char *result = unknown; - FILE *fp; -+ unsigned saved_timeout; -+ struct sigaction nact, oact; - - #ifdef INET6 - /* address family must be the same */ -@@ -134,7 +136,12 @@ char *dest; - */ - - if (setjmp(timebuf) == 0) { -- signal(SIGALRM, timeout); -+ /* Save SIGALRM timer and handler. Sudheer Abdul-Salam, SUN. */ -+ saved_timeout = alarm(0); -+ nact.sa_handler = timeout; -+ nact.sa_flags = 0; -+ (void) sigemptyset(&nact.sa_mask); -+ (void) sigaction(SIGALRM, &nact, &oact); - alarm(rfc931_timeout); - - /* -@@ -223,6 +230,10 @@ char *dest; - } - alarm(0); - } -+ /* Restore SIGALRM timer and handler. Sudheer Abdul-Salam, SUN. */ -+ (void) sigaction(SIGALRM, &oact, NULL); -+ if (saved_timeout > 0) -+ alarm(saved_timeout); - fclose(fp); - } - STRN_CPY(dest, result, STRING_LENGTH); diff --git a/tcp_wrappers-7.6-shared.patch b/tcp_wrappers-7.6-shared.patch index 311f964..3971717 100644 --- a/tcp_wrappers-7.6-shared.patch +++ b/tcp_wrappers-7.6-shared.patch @@ -6,9 +6,9 @@ diff -up tcp_wrappers_7.6/Makefile.patch11 tcp_wrappers_7.6/Makefile linux: @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS="-lnsl" RANLIB=ranlib ARFLAGS=rv AUX_OBJ= \ -- NETGROUP="-DNETGROUP" TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER -DINET6=1 -Dss_family=__ss_family -Dss_len=__ss_len" all +- NETGROUP="-DNETGROUP" TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DUSE_STRERROR -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER -Dss_family=__ss_family -Dss_len=__ss_len" all + LIBS="-lnsl" RANLIB=ranlib ARFLAGS=rv AUX_OBJ=weak_symbols.o \ -+ NETGROUP="-DNETGROUP" TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -fPIC -DPIC -D_REENTRANT -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER -DINET6=1 -Dss_family=__ss_family -Dss_len=__ss_len -DHAVE_WEAKSYMS" all ++ NETGROUP="-DNETGROUP" TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -fPIC -DPIC -D_REENTRANT -DUSE_STRERROR -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER -Dss_family=__ss_family -Dss_len=__ss_len -DHAVE_WEAKSYMS" all linux-old: @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ @@ -52,30 +52,6 @@ diff -up tcp_wrappers_7.6/Makefile.patch11 tcp_wrappers_7.6/Makefile +weak_symbols.o: tcpd.h workarounds.o: cflags workarounds.o: tcpd.h -diff -up tcp_wrappers_7.6/scaffold.c.patch11 tcp_wrappers_7.6/scaffold.c ---- tcp_wrappers_7.6/scaffold.c.patch11 2008-08-29 09:45:12.000000000 +0200 -+++ tcp_wrappers_7.6/scaffold.c 2008-08-29 09:45:12.000000000 +0200 -@@ -237,10 +237,17 @@ struct request_info *request; - - /* ARGSUSED */ - --void rfc931(request) --struct request_info *request; -+void rfc931(rmt_sin, our_sin, dest) -+#ifndef INET6 -+struct sockaddr_in *rmt_sin; -+struct sockaddr_in *our_sin; -+#else -+struct sockaddr *rmt_sin; -+struct sockaddr *our_sin; -+#endif -+char *dest; - { -- strcpy(request->user, unknown); -+ strcpy(dest, unknown); - } - - /* check_path - examine accessibility */ diff -up tcp_wrappers_7.6/tcpd.h.patch11 tcp_wrappers_7.6/tcpd.h --- tcp_wrappers_7.6/tcpd.h.patch11 2008-08-29 09:45:12.000000000 +0200 +++ tcp_wrappers_7.6/tcpd.h 2008-08-29 09:45:12.000000000 +0200 @@ -105,7 +81,7 @@ diff -up tcp_wrappers_7.6/tcpd.h.patch11 tcp_wrappers_7.6/tcpd.h /* Structure to describe one communications endpoint. */ #define STRING_LENGTH 128 /* hosts, users, processes */ -@@ -29,10 +48,10 @@ struct request_info { +@@ -92,10 +111,10 @@ struct request_info { char pid[10]; /* access via eval_pid(request) */ struct host_info client[1]; /* client endpoint info */ struct host_info server[1]; /* server endpoint info */ @@ -120,12 +96,12 @@ diff -up tcp_wrappers_7.6/tcpd.h.patch11 tcp_wrappers_7.6/tcpd.h struct netconfig *config; /* netdir handle */ }; -@@ -65,25 +84,34 @@ extern char paranoid[]; +@@ -132,33 +151,38 @@ extern char paranoid[]; /* Global functions. */ #if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT) -extern void fromhost(); /* get/validate client host info */ -+extern void fromhost __P((struct request_info *)); /* get/validate client host info */ ++extern void fromhost __P((struct request_info *)); /* get/validate client host info */ #else #define fromhost sock_host /* no TLI support needed */ #endif @@ -139,18 +115,25 @@ diff -up tcp_wrappers_7.6/tcpd.h.patch11 tcp_wrappers_7.6/tcpd.h -extern char *xgets(); /* fgets() on steroids */ -extern char *split_at(); /* strchr() and split */ -extern unsigned long dot_quad_addr(); /* restricted inet_addr() */ -+extern void shell_cmd __P((char *)); /* execute shell command */ -+extern char *percent_x __P((char *, int, char *, struct request_info *)); /* do % expansion */ -+#ifdef INET6 -+extern void rfc931 __P((struct sockaddr *, struct sockaddr *, char *)); /* client name from RFC 931 daemon */ -+#else -+extern void rfc931 __P((struct sockaddr_in *, struct sockaddr_in *, char *)); /* client name from RFC 931 daemon */ -+#endif -+extern void clean_exit __P((struct request_info *)); /* clean up and exit */ -+extern void refuse __P((struct request_info *)); /* clean up and exit */ -+extern char *xgets __P((char *, int, FILE *)); /* fgets() on steroids */ -+extern char *split_at __P((char *, int)); /* strchr() and split */ -+extern unsigned long dot_quad_addr __P((char *)); /* restricted inet_addr() */ +-extern int numeric_addr(); /* IP4/IP6 inet_addr (restricted) */ +-extern struct hostent *tcpd_gethostbyname(); ++extern void shell_cmd __P((char *)); /* execute shell command */ ++extern char *percent_x __P((char *, int, char *, struct request_info *)); /* do % expansion */ ++extern void rfc931 __P((struct sockaddr_gen *, struct sockaddr_gen *, char *)); /* client name from RFC 931 daemon */ ++extern void clean_exit __P((struct request_info *)); /* clean up and exit */ ++extern void refuse __P((struct request_info *)); /* clean up and exit */ ++extern char *xgets __P((char *, int, FILE *)); /* fgets() on steroids */ ++extern char *split_at __P((char *, int)); /* strchr() and split */ ++extern unsigned long dot_quad_addr __P((char *)); /* restricted inet_addr() */ ++extern int numeric_addr __P((char *, union gen_addr *, int *, int *)); /* IP4/IP6 inet_addr (restricted) */ ++extern struct hostent *tcpd_gethostbyname __P((char *, int)); + /* IP4/IP6 gethostbyname */ + #ifdef HAVE_IPV6 +-extern char *skip_ipv6_addrs(); /* skip over colons in IPv6 addrs */ ++extern char *skip_ipv6_addrs __P((char *)); /* skip over colons in IPv6 addrs */ + #else + #define skip_ipv6_addrs(x) x + #endif /* Global variables. */ @@ -165,7 +148,7 @@ diff -up tcp_wrappers_7.6/tcpd.h.patch11 tcp_wrappers_7.6/tcpd.h extern char *hosts_allow_table; /* for verification mode redirection */ extern char *hosts_deny_table; /* for verification mode redirection */ extern int hosts_access_verbose; /* for verbose matching mode */ -@@ -96,9 +124,14 @@ extern int resident; /* > 0 if residen +@@ -171,9 +195,14 @@ extern int resident; /* > 0 if residen */ #ifdef __STDC__ @@ -180,7 +163,7 @@ diff -up tcp_wrappers_7.6/tcpd.h.patch11 tcp_wrappers_7.6/tcpd.h extern struct request_info *request_init(); /* initialize request */ extern struct request_info *request_set(); /* update request structure */ #endif -@@ -121,27 +154,31 @@ extern struct request_info *request_set( +@@ -196,27 +225,31 @@ extern struct request_info *request_set( * host_info structures serve as caches for the lookup results. */ @@ -222,7 +205,7 @@ diff -up tcp_wrappers_7.6/tcpd.h.patch11 tcp_wrappers_7.6/tcpd.h #endif /* -@@ -182,7 +219,7 @@ extern struct tcpd_context tcpd_context; +@@ -257,7 +290,7 @@ extern struct tcpd_context tcpd_context; * behavior. */ @@ -231,7 +214,7 @@ diff -up tcp_wrappers_7.6/tcpd.h.patch11 tcp_wrappers_7.6/tcpd.h extern int dry_run; /* verification flag */ /* Bug workarounds. */ -@@ -221,3 +258,7 @@ extern char *fix_strtok(); +@@ -296,3 +329,7 @@ extern char *fix_strtok(); #define strtok my_strtok extern char *my_strtok(); #endif @@ -254,3 +237,31 @@ diff -up /dev/null tcp_wrappers_7.6/weak_symbols.c +int deny_severity = LOG_WARNING; +int allow_severity = SEVERITY; +#endif +diff -up tcp_wrappers_7.6/scaffold.c.patch11 tcp_wrappers_7.6/scaffold.c +--- tcp_wrappers_7.6/scaffold.c.patch11 2013-01-28 11:08:48.598273563 +0100 ++++ tcp_wrappers_7.6/scaffold.c 2013-01-28 11:08:56.069316992 +0100 +@@ -25,7 +25,7 @@ static char sccs_id[] = "@(#) scaffold.c + #define INADDR_NONE (-1) /* XXX should be 0xffffffff */ + #endif + +-extern char *malloc(); ++extern void *malloc(size_t); + + /* Application-specific. */ + +@@ -180,10 +180,12 @@ struct request_info *request; + + /* ARGSUSED */ + +-void rfc931(request) +-struct request_info *request; ++void rfc931(rmt_sin, our_sin, dest) ++struct sockaddr_gen *rmt_sin; ++struct sockaddr_gen *our_sin; ++char *dest; + { +- strcpy(request->user, unknown); ++ strcpy(dest, unknown); + } + + /* check_path - examine accessibility */ diff --git a/tcp_wrappers-7.6-strerror.patch b/tcp_wrappers-7.6-strerror.patch deleted file mode 100644 index 222d2f4..0000000 --- a/tcp_wrappers-7.6-strerror.patch +++ /dev/null @@ -1,28 +0,0 @@ -diff -up tcp_wrappers_7.6/percent_m.c.patch13 tcp_wrappers_7.6/percent_m.c ---- tcp_wrappers_7.6/percent_m.c.patch13 1994-12-28 17:42:37.000000000 +0100 -+++ tcp_wrappers_7.6/percent_m.c 2008-08-29 09:45:12.000000000 +0200 -@@ -13,7 +13,7 @@ static char sccsid[] = "@(#) percent_m.c - #include - - extern int errno; --#ifndef SYS_ERRLIST_DEFINED -+#if !defined(SYS_ERRLIST_DEFINED) && !defined(HAVE_STRERROR) - extern char *sys_errlist[]; - extern int sys_nerr; - #endif -@@ -29,11 +29,15 @@ char *ibuf; - - while (*bp = *cp) - if (*cp == '%' && cp[1] == 'm') { -+#ifdef HAVE_STRERROR -+ strcpy(bp, strerror(errno)); -+#else - if (errno < sys_nerr && errno > 0) { - strcpy(bp, sys_errlist[errno]); - } else { - sprintf(bp, "Unknown error %d", errno); - } -+#endif - bp += strlen(bp); - cp += 2; - } else { diff --git a/tcp_wrappers-7.6-uchart_fix.patch b/tcp_wrappers-7.6-uchart_fix.patch new file mode 100644 index 0000000..5ac0788 --- /dev/null +++ b/tcp_wrappers-7.6-uchart_fix.patch @@ -0,0 +1,21 @@ +diff -up tcp_wrappers_7.6-ipv6.4/hosts_access.c.ucharpatch tcp_wrappers_7.6-ipv6.4/hosts_access.c +--- tcp_wrappers_7.6-ipv6.4/hosts_access.c.ucharpatch 2013-01-28 10:19:20.424857730 +0100 ++++ tcp_wrappers_7.6-ipv6.4/hosts_access.c 2013-01-28 10:19:44.719991745 +0100 +@@ -514,7 +514,7 @@ static void ipv6_mask(in6p, maskbits) + struct in6_addr *in6p; + int maskbits; + { +- uchar_t *p = (uchar_t*) in6p; ++ unsigned char *p = (unsigned char*) in6p; + + if (maskbits < 0 || maskbits >= IPV6_ABITS) + return; +@@ -525,7 +525,7 @@ int maskbits; + if (maskbits != 0) + *p++ &= 0xff << (8 - maskbits); + +- while (p < (((uchar_t*) in6p)) + sizeof(*in6p)) ++ while (p < (((unsigned char*) in6p)) + sizeof(*in6p)) + *p++ = 0; + } + #endif diff --git a/tcp_wrappers-7.6-warnings.patch b/tcp_wrappers-7.6-warnings.patch index 7fcbaf6..6b6bddd 100644 --- a/tcp_wrappers-7.6-warnings.patch +++ b/tcp_wrappers-7.6-warnings.patch @@ -66,7 +66,7 @@ diff -up tcp_wrappers_7.6/fix_options.c.warnings tcp_wrappers_7.6/fix_options.c unsigned int opt; @@ -46,7 +48,7 @@ struct request_info *request; struct in_addr dummy; - #ifdef INET6 + #ifdef HAVE_IPV6 struct sockaddr_storage ss; - int sslen; + unsigned int sslen; @@ -76,15 +76,16 @@ diff -up tcp_wrappers_7.6/fix_options.c.warnings tcp_wrappers_7.6/fix_options.c diff -up tcp_wrappers_7.6/hosts_access.c.warnings tcp_wrappers_7.6/hosts_access.c --- tcp_wrappers_7.6/hosts_access.c.warnings 2011-08-16 10:29:50.233418824 +0200 +++ tcp_wrappers_7.6/hosts_access.c 2011-08-16 10:29:51.653475947 +0200 -@@ -39,6 +39,8 @@ static char sccsid[] = "@(#) hosts_acces +@@ -33,6 +33,9 @@ static char sccsid[] = "@(#) hosts_acces #include #include #include +#include +#include - #ifdef INET6 - #include - #endif ++#include + + extern char *fgets(); + extern int errno; @@ -58,6 +60,8 @@ extern int errno; extern jmp_buf tcpd_buf; @@ -94,6 +95,23 @@ diff -up tcp_wrappers_7.6/hosts_access.c.warnings tcp_wrappers_7.6/hosts_access. /* Delimiters for lists of daemons or clients. */ static char sep[] = ", \t\r\n"; +@@ -323,14 +328,14 @@ struct host_info *host; + hip = &host->sin->sg_sin6.sin6_addr; + } + +- if (cbr = strchr(tok, ']')) ++ if ((cbr = strchr(tok, ']'))) + *cbr = '\0'; + + /* + * A /nnn prefix specifies how many bits of the address we + * need to check. + */ +- if (slash = strchr(tok, '/')) { ++ if ((slash = strchr(tok, '/'))) { + *slash = '\0'; + mask = atoi(slash+1); + if (mask < 0 || mask > IPV6_ABITS) { diff -up tcp_wrappers_7.6/inetcf.c.warnings tcp_wrappers_7.6/inetcf.c --- tcp_wrappers_7.6/inetcf.c.warnings 2011-08-16 10:29:48.117418621 +0200 +++ tcp_wrappers_7.6/inetcf.c 2011-08-16 10:29:51.752605633 +0200 @@ -309,8 +327,8 @@ diff -up tcp_wrappers_7.6/percent_m.c.warnings tcp_wrappers_7.6/percent_m.c - while (*bp = *cp) + while ((*bp = *cp)) if (*cp == '%' && cp[1] == 'm') { - #ifdef HAVE_STRERROR - strcpy(bp, strerror(errno)); + #ifdef USE_STRERROR + strcpy(bp, strerror(errno)); diff -up tcp_wrappers_7.6/percent_x.c.warnings tcp_wrappers_7.6/percent_x.c --- tcp_wrappers_7.6/percent_x.c.warnings 1994-12-28 17:42:38.000000000 +0100 +++ tcp_wrappers_7.6/percent_x.c 2011-08-16 10:29:52.116485510 +0200 @@ -341,7 +359,7 @@ diff -up tcp_wrappers_7.6/rfc931.c.warnings tcp_wrappers_7.6/rfc931.c + unsigned saved_timeout = 0; struct sigaction nact, oact; - #ifdef INET6 + /* @@ -223,7 +224,7 @@ char *dest; * protocol, not part of the data. */ @@ -397,43 +415,24 @@ diff -up tcp_wrappers_7.6/scaffold.c.warnings tcp_wrappers_7.6/scaffold.c #ifndef INADDR_NONE #define INADDR_NONE (-1) /* XXX should be 0xffffffff */ -@@ -174,7 +176,9 @@ char *host; - struct hostent *hp; - #endif - int count; -+#ifndef INET6 - char *addr; -+#endif - - if ((hp = find_inet_addr(host)) == 0) - return (0); diff -up tcp_wrappers_7.6/socket.c.warnings tcp_wrappers_7.6/socket.c --- tcp_wrappers_7.6/socket.c.warnings 2011-08-16 10:29:48.319483715 +0200 +++ tcp_wrappers_7.6/socket.c 2011-08-16 10:29:52.630463906 +0200 -@@ -95,7 +95,7 @@ struct request_info *request; - static struct sockaddr_in client; - static struct sockaddr_in server; - #endif +@@ -84,7 +84,7 @@ struct request_info *request; + { + static struct sockaddr_gen client; + static struct sockaddr_gen server; - int len; + unsigned len; char buf[BUFSIZ]; int fd = request->fd; -@@ -228,7 +228,7 @@ struct host_info *host; - struct sockaddr *sin = host->sin; - struct sockaddr_in sin4; - struct addrinfo hints, *res, *res0 = NULL; -- int salen, alen, err = 1; -+ int salen, alen = 0, err = 1; - char *ap = NULL, *rap, hname[NI_MAXHOST]; - - if (sin != NULL) { -@@ -471,7 +471,7 @@ int fd; - #else +@@ -293,7 +293,7 @@ int fd; + { + char buf[BUFSIZ]; struct sockaddr_in sin; - #endif - int size = sizeof(sin); -+ unsigned int size = sizeof(sin); ++ unsigned size = sizeof(sin); /* * Eat up the not-yet received datagram. Some systems insist on a @@ -464,7 +463,7 @@ diff -up tcp_wrappers_7.6/tcpd.c.warnings tcp_wrappers_7.6/tcpd.c diff -up tcp_wrappers_7.6/tcpdchk.c.warnings tcp_wrappers_7.6/tcpdchk.c --- tcp_wrappers_7.6/tcpdchk.c.warnings 2011-08-16 10:29:45.552501988 +0200 +++ tcp_wrappers_7.6/tcpdchk.c 2011-08-16 10:47:12.440605857 +0200 -@@ -33,6 +33,8 @@ static char sccsid[] = "@(#) tcpdchk.c 1 +@@ -30,6 +30,8 @@ static char sccsid[] = "@(#) tcpdchk.c 1 #include #include #include @@ -473,7 +472,7 @@ diff -up tcp_wrappers_7.6/tcpdchk.c.warnings tcp_wrappers_7.6/tcpdchk.c extern int errno; extern void exit(); -@@ -202,13 +204,15 @@ struct request_info *request; +@@ -199,13 +201,15 @@ struct request_info *request; char sv_list[BUFLEN]; /* becomes list of daemons */ char *cl_list; /* becomes list of requests */ char *sh_cmd; /* becomes optional shell command */ @@ -490,7 +489,7 @@ diff -up tcp_wrappers_7.6/tcpdchk.c.warnings tcp_wrappers_7.6/tcpdchk.c tcpd_context.file = table; tcpd_context.line = 0; while (xgets(sv_list, sizeof(sv_list), fp)) { -@@ -334,7 +338,7 @@ char *list; +@@ -331,7 +335,7 @@ char *list; clients = 0; } else { clients++; @@ -499,15 +498,15 @@ diff -up tcp_wrappers_7.6/tcpdchk.c.warnings tcp_wrappers_7.6/tcpdchk.c check_user(cp); check_host(host); } else { -@@ -450,7 +454,7 @@ char *pat; - tcpd_warn("netgroup support disabled"); - #endif +@@ -446,7 +450,7 @@ char *pat; + if (err) + tcpd_warn("bad IP6 address specification: %s", pat); #endif - } else if (mask = split_at(pat, '/')) { /* network/netmask */ + } else if ((mask = split_at(pat, '/'))) { /* network/netmask */ - #ifdef INET6 - int mask_len; - + if (dot_quad_addr(pat) == INADDR_NONE + || dot_quad_addr(mask) == INADDR_NONE) + tcpd_warn("%s/%s: bad net/mask pattern", pat, mask); diff -up tcp_wrappers_7.6/tcpdmatch.c.warnings tcp_wrappers_7.6/tcpdmatch.c --- tcp_wrappers_7.6/tcpdmatch.c.warnings 2011-08-16 10:29:49.531427106 +0200 +++ tcp_wrappers_7.6/tcpdmatch.c 2011-08-16 10:29:52.968605853 +0200 @@ -519,16 +518,6 @@ diff -up tcp_wrappers_7.6/tcpdmatch.c.warnings tcp_wrappers_7.6/tcpdmatch.c extern void exit(); extern int optind; -@@ -65,7 +66,9 @@ char **argv; - char *myname = argv[0]; - char *client; - char *server; -+#ifndef INET6 - char *addr; -+#endif - char *user; - char *daemon; - struct request_info request; diff -up tcp_wrappers_7.6/try-from.c.warnings tcp_wrappers_7.6/try-from.c --- tcp_wrappers_7.6/try-from.c.warnings 1994-12-28 17:42:55.000000000 +0100 +++ tcp_wrappers_7.6/try-from.c 2011-08-16 10:29:53.095607440 +0200 diff --git a/tcp_wrappers.spec b/tcp_wrappers.spec index 7c58ebe..65a5862 100644 --- a/tcp_wrappers.spec +++ b/tcp_wrappers.spec @@ -1,7 +1,7 @@ Summary: A security tool which acts as a wrapper for TCP daemons Name: tcp_wrappers Version: 7.6 -Release: 70%{?dist} +Release: 71%{?dist} %define LIB_MAJOR 0 %define LIB_MINOR 7 @@ -9,7 +9,7 @@ Release: 70%{?dist} License: BSD Group: System Environment/Daemons -Source: ftp://ftp.porcupine.org/pub/security/%{name}_%{version}.tar.gz +Source: ftp://ftp.porcupine.org/pub/security/%{name}_%{version}-ipv6.4.tar.gz URL: ftp://ftp.porcupine.org/pub/security/index.html Patch0: tcpw7.2-config.patch Patch1: tcpw7.2-setenv.patch @@ -21,15 +21,12 @@ Patch6: tcp_wrappers-7.6-fixgethostbyname.patch Patch7: tcp_wrappers-7.6-docu.patch Patch8: tcp_wrappers-7.6-man.patch Patch9: tcp_wrappers.usagi-ipv6.patch -Patch10: tcp_wrappers.ume-ipv6.patch Patch11: tcp_wrappers-7.6-shared.patch Patch12: tcp_wrappers-7.6-sig.patch -Patch13: tcp_wrappers-7.6-strerror.patch Patch14: tcp_wrappers-7.6-ldflags.patch Patch15: tcp_wrappers-7.6-fix_sig-bug141110.patch Patch16: tcp_wrappers-7.6-162412.patch Patch17: tcp_wrappers-7.6-220015.patch -Patch18: tcp_wrappers-7.6-restore_sigalarm.patch Patch19: tcp_wrappers-7.6-siglongjmp.patch Patch20: tcp_wrappers-7.6-sigchld.patch Patch21: tcp_wrappers-7.6-196326.patch @@ -40,6 +37,8 @@ Patch25: tcp_wrappers-7.6-relro.patch Patch26: tcp_wrappers-7.6-xgets.patch Patch27: tcp_wrappers-7.6-initgroups.patch Patch28: tcp_wrappers-7.6-warnings.patch +Patch29: tcp_wrappers-7.6-uchart_fix.patch +Patch30: tcp_wrappers-7.6-altformat.patch # required by sin_scope_id in ipv6 patch BuildRequires: glibc-devel >= 2.2 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -72,7 +71,7 @@ tcp_wrappers-devel contains the libraries and header files needed to develop applications with tcp_wrappers support. %prep -%setup -q -n %{name}_%{version} +%setup -q -n %{name}_%{version}-ipv6.4 %patch0 -p1 -b .config %patch1 -p1 -b .setenv %patch2 -p1 -b .netgroup @@ -83,15 +82,12 @@ develop applications with tcp_wrappers support. %patch7 -p1 -b .docu %patch8 -p1 -b .man %patch9 -p1 -b .usagi-ipv6 -%patch10 -p1 -b .ume-ipv6 %patch11 -p1 -b .shared %patch12 -p1 -b .sig -%patch13 -p1 -b .strerror %patch14 -p1 -b .cflags %patch15 -p1 -b .fix_sig %patch16 -p1 -b .162412 %patch17 -p1 -b .220015 -%patch18 -p1 -b .restore_sigalarm %patch19 -p1 -b .siglongjmp %patch20 -p1 -b .sigchld %patch21 -p1 -b .196326 @@ -102,6 +98,8 @@ develop applications with tcp_wrappers support. %patch26 -p1 -b .xgets %patch27 -p1 -b .initgroups %patch28 -p1 -b .warnings +%patch29 -p1 -b .uchart_fix +%patch30 -p1 -b .altformat %build make RPM_OPT_FLAGS="$RPM_OPT_FLAGS -fPIC -DPIC -D_REENTRANT -DHAVE_STRERROR" LDFLAGS="-pie" MAJOR=%{LIB_MAJOR} MINOR=%{LIB_MINOR} REL=%{LIB_REL} linux @@ -159,6 +157,9 @@ rm -rf ${RPM_BUILD_ROOT} %{_mandir}/man3/* %changelog +* Mon Jan 28 2013 Viktor Hercinger - 7.6-71 +- Updated to version with upstream IPv6 support + * Sat Jul 21 2012 Fedora Release Engineering - 7.6-70 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild diff --git a/tcp_wrappers.ume-ipv6.patch b/tcp_wrappers.ume-ipv6.patch deleted file mode 100644 index 07ddc97..0000000 --- a/tcp_wrappers.ume-ipv6.patch +++ /dev/null @@ -1,45 +0,0 @@ -diff -up tcp_wrappers_7.6/hosts_access.c.patch10 tcp_wrappers_7.6/hosts_access.c ---- tcp_wrappers_7.6/hosts_access.c.patch10 2008-08-29 09:45:12.000000000 +0200 -+++ tcp_wrappers_7.6/hosts_access.c 2008-08-29 09:45:12.000000000 +0200 -@@ -443,6 +443,15 @@ char *string; - int len, mask_len, i = 0; - char ch; - -+ /* -+ * Behavior of getaddrinfo() against IPv4-mapped IPv6 address is -+ * different between KAME and Solaris8. While KAME returns -+ * AF_INET6, Solaris8 returns AF_INET. So, we avoid this here. -+ */ -+ if (STRN_EQ(string, "::ffff:", 7) -+ && dot_quad_addr(string + 7) != INADDR_NONE) -+ return (masked_match4(net_tok, mask_tok, string + 7)); -+ - memset(&hints, 0, sizeof(hints)); - hints.ai_family = AF_INET6; - hints.ai_socktype = SOCK_STREAM; -@@ -452,13 +461,6 @@ char *string; - memcpy(&addr, res->ai_addr, sizeof(addr)); - freeaddrinfo(res); - -- if (IN6_IS_ADDR_V4MAPPED(&addr.sin6_addr)) { -- if ((*(u_int32_t *)&net.sin6_addr.s6_addr[12] = dot_quad_addr(net_tok)) == INADDR_NONE -- || (mask = dot_quad_addr(mask_tok)) == INADDR_NONE) -- return (NO); -- return ((*(u_int32_t *)&addr.sin6_addr.s6_addr[12] & mask) == *(u_int32_t *)&net.sin6_addr.s6_addr[12]); -- } -- - /* match IPv6 address against netnumber/prefixlen */ - len = strlen(net_tok); - if (*net_tok != '[' || net_tok[len - 1] != ']') -diff -up tcp_wrappers_7.6/socket.c.patch10 tcp_wrappers_7.6/socket.c ---- tcp_wrappers_7.6/socket.c.patch10 2008-08-29 09:45:12.000000000 +0200 -+++ tcp_wrappers_7.6/socket.c 2008-08-29 09:45:12.000000000 +0200 -@@ -228,7 +228,7 @@ struct host_info *host; - hints.ai_family = sin->sa_family; - hints.ai_socktype = SOCK_STREAM; - hints.ai_flags = AI_PASSIVE | AI_CANONNAME | AI_NUMERICHOST; -- if ((err = getaddrinfo(host->name, NULL, &hints, &res0) == 0)) { -+ if ((err = getaddrinfo(host->name, NULL, &hints, &res0)) == 0) { - freeaddrinfo(res0); - res0 = NULL; - tcpd_warn("host name/name mismatch: " diff --git a/tcp_wrappers.usagi-ipv6.patch b/tcp_wrappers.usagi-ipv6.patch index 2fe7484..e3bc707 100644 --- a/tcp_wrappers.usagi-ipv6.patch +++ b/tcp_wrappers.usagi-ipv6.patch @@ -5,7 +5,7 @@ diff -up tcp_wrappers_7.6/fix_options.c.patch9 tcp_wrappers_7.6/fix_options.c #include #include -+#ifdef INET6 ++#ifdef HAVE_IPV6 +#include +#endif #include @@ -15,7 +15,7 @@ diff -up tcp_wrappers_7.6/fix_options.c.patch9 tcp_wrappers_7.6/fix_options.c unsigned int opt; int optlen; struct in_addr dummy; -+#ifdef INET6 ++#ifdef HAVE_IPV6 + struct sockaddr_storage ss; + int sslen; + @@ -47,220 +47,16 @@ diff -up tcp_wrappers_7.6/hosts_access.5.patch9 tcp_wrappers_7.6/hosts_access.5 pattern `131.155.72.0/255.255.254.0\' matches every address in the range `131.155.72.0\' through `131.155.73.255\'. .IP \(bu -+An expression of the form `[n:n:n:n:n:n:n:n]/m\' is interpreted as a -+`[net]/prefixlen\' pair. An IPv6 host address is matched if ++An expression of the form `[n:n:n:n:n:n:n:n/m]\' is interpreted as a ++`[net/prefixlen]\' pair. An IPv6 host address is matched if +`prefixlen\' bits of `net\' is equal to the `prefixlen\' bits of the -+address. For example, the [net]/prefixlen pattern -+`[3ffe:505:2:1::]/64\' matches every address in the range ++address. For example, the [net/prefixlen] pattern ++`[3ffe:505:2:1::/64]\' matches every address in the range +`3ffe:505:2:1::\' through `3ffe:505:2:1:ffff:ffff:ffff:ffff\'. +.IP \(bu A string that begins with a `/\' character is treated as a file name. A host name or address is matched if it matches any host name or address pattern listed in the named file. The file format is -diff -up tcp_wrappers_7.6/hosts_access.c.patch9 tcp_wrappers_7.6/hosts_access.c ---- tcp_wrappers_7.6/hosts_access.c.patch9 2008-08-29 09:45:12.000000000 +0200 -+++ tcp_wrappers_7.6/hosts_access.c 2008-08-29 09:45:12.000000000 +0200 -@@ -24,7 +24,13 @@ static char sccsid[] = "@(#) hosts_acces - /* System libraries. */ - - #include -+#ifdef INT32_T -+ typedef uint32_t u_int32_t; -+#endif - #include -+#ifdef INET6 -+#include -+#endif - #include - #include - #include -@@ -33,6 +39,9 @@ static char sccsid[] = "@(#) hosts_acces - #include - #include - #include -+#ifdef INET6 -+#include -+#endif - - extern char *fgets(); - extern int errno; -@@ -82,6 +91,10 @@ static int client_match(); - static int host_match(); - static int string_match(); - static int masked_match(); -+#ifdef INET6 -+static int masked_match4(); -+static int masked_match6(); -+#endif - - /* Size of logical line buffer. */ - -@@ -311,6 +324,13 @@ char *string; - { - int n; - -+#ifdef INET6 -+ /* convert IPv4 mapped IPv6 address to IPv4 address */ -+ if (STRN_EQ(string, "::ffff:", 7) -+ && dot_quad_addr(string + 7) != INADDR_NONE) { -+ string += 7; -+ } -+#endif - #ifndef DISABLE_WILDCARD_MATCHING - if (strchr(tok, '*') || strchr(tok,'?')) { /* contains '*' or '?' */ - return (match_pattern_ylo(string,tok)); -@@ -326,20 +346,72 @@ char *string; - } else if (tok[(n = strlen(tok)) - 1] == '.') { /* prefix */ - return (STRN_EQ(tok, string, n)); - } else { /* exact match */ -+#ifdef INET6 -+ struct addrinfo hints, *res; -+ struct sockaddr_in6 pat, addr; -+ int len, ret; -+ char ch; -+ -+ len = strlen(tok); -+ if (*tok == '[' && tok[len - 1] == ']') { -+ ch = tok[len - 1]; -+ tok[len - 1] = '\0'; -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_family = AF_INET6; -+ hints.ai_socktype = SOCK_STREAM; -+ hints.ai_flags = AI_PASSIVE | AI_NUMERICHOST; -+ if ((ret = getaddrinfo(tok + 1, NULL, &hints, &res)) == 0) { -+ memcpy(&pat, res->ai_addr, sizeof(pat)); -+ freeaddrinfo(res); -+ } -+ tok[len - 1] = ch; -+ if (ret != 0 || getaddrinfo(string, NULL, &hints, &res) != 0) -+ return NO; -+ memcpy(&addr, res->ai_addr, sizeof(addr)); -+ freeaddrinfo(res); -+#ifdef NI_WITHSCOPEID -+ if (pat.sin6_scope_id != 0 && -+ addr.sin6_scope_id != pat.sin6_scope_id) -+ return NO; -+#endif -+ return (!memcmp(&pat.sin6_addr, &addr.sin6_addr, -+ sizeof(struct in6_addr))); -+ return (ret); -+ } -+#endif - return (STR_EQ(tok, string)); - } - } - - /* masked_match - match address against netnumber/netmask */ - -+#ifdef INET6 - static int masked_match(net_tok, mask_tok, string) - char *net_tok; - char *mask_tok; - char *string; - { -+ return (masked_match4(net_tok, mask_tok, string) || -+ masked_match6(net_tok, mask_tok, string)); -+} -+ -+static int masked_match4(net_tok, mask_tok, string) -+#else -+static int masked_match(net_tok, mask_tok, string) -+#endif -+char *net_tok; -+char *mask_tok; -+char *string; -+{ -+#ifdef INET6 -+ u_int32_t net; -+ u_int32_t mask; -+ u_int32_t addr; -+#else - unsigned long net; - unsigned long mask; - unsigned long addr; -+#endif - - /* - * Disallow forms other than dotted quad: the treatment that inet_addr() -@@ -351,12 +423,78 @@ char *string; - return (NO); - if ((net = dot_quad_addr(net_tok)) == INADDR_NONE - || (mask = dot_quad_addr(mask_tok)) == INADDR_NONE) { -+#ifndef INET6 - tcpd_warn("bad net/mask expression: %s/%s", net_tok, mask_tok); -+#endif - return (NO); /* not tcpd_jump() */ - } - return ((addr & mask) == net); - } - -+#ifdef INET6 -+static int masked_match6(net_tok, mask_tok, string) -+char *net_tok; -+char *mask_tok; -+char *string; -+{ -+ struct addrinfo hints, *res; -+ struct sockaddr_in6 net, addr; -+ u_int32_t mask; -+ int len, mask_len, i = 0; -+ char ch; -+ -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_family = AF_INET6; -+ hints.ai_socktype = SOCK_STREAM; -+ hints.ai_flags = AI_PASSIVE | AI_NUMERICHOST; -+ if (getaddrinfo(string, NULL, &hints, &res) != 0) -+ return NO; -+ memcpy(&addr, res->ai_addr, sizeof(addr)); -+ freeaddrinfo(res); -+ -+ if (IN6_IS_ADDR_V4MAPPED(&addr.sin6_addr)) { -+ if ((*(u_int32_t *)&net.sin6_addr.s6_addr[12] = dot_quad_addr(net_tok)) == INADDR_NONE -+ || (mask = dot_quad_addr(mask_tok)) == INADDR_NONE) -+ return (NO); -+ return ((*(u_int32_t *)&addr.sin6_addr.s6_addr[12] & mask) == *(u_int32_t *)&net.sin6_addr.s6_addr[12]); -+ } -+ -+ /* match IPv6 address against netnumber/prefixlen */ -+ len = strlen(net_tok); -+ if (*net_tok != '[' || net_tok[len - 1] != ']') -+ return NO; -+ ch = net_tok[len - 1]; -+ net_tok[len - 1] = '\0'; -+ if (getaddrinfo(net_tok + 1, NULL, &hints, &res) != 0) { -+ net_tok[len - 1] = ch; -+ return NO; -+ } -+ memcpy(&net, res->ai_addr, sizeof(net)); -+ freeaddrinfo(res); -+ net_tok[len - 1] = ch; -+ if ((mask_len = atoi(mask_tok)) < 0 || mask_len > 128) -+ return NO; -+ -+#ifdef NI_WITHSCOPEID -+ if (net.sin6_scope_id != 0 && addr.sin6_scope_id != net.sin6_scope_id) -+ return NO; -+#endif -+ while (mask_len > 0) { -+ if (mask_len < 32) { -+ mask = htonl(~(0xffffffff >> mask_len)); -+ if ((*(u_int32_t *)&addr.sin6_addr.s6_addr[i] & mask) != (*(u_int32_t *)&net.sin6_addr.s6_addr[i] & mask)) -+ return NO; -+ break; -+ } -+ if (*(u_int32_t *)&addr.sin6_addr.s6_addr[i] != *(u_int32_t *)&net.sin6_addr.s6_addr[i]) -+ return NO; -+ i += 4; -+ mask_len -= 32; -+ } -+ return YES; -+} -+#endif /* INET6 */ -+ - #ifndef DISABLE_WILDCARD_MATCHING - /* Note: this feature has been adapted in a pretty straightforward way - from Tatu Ylonen's last SSH version under free license by diff -up tcp_wrappers_7.6/inetcf.c.patch9 tcp_wrappers_7.6/inetcf.c --- tcp_wrappers_7.6/inetcf.c.patch9 1997-02-12 02:13:24.000000000 +0100 +++ tcp_wrappers_7.6/inetcf.c 2008-08-29 09:45:12.000000000 +0200 @@ -268,15 +64,15 @@ diff -up tcp_wrappers_7.6/inetcf.c.patch9 tcp_wrappers_7.6/inetcf.c * guesses. Shorter names follow longer ones. */ char *inet_files[] = { -+#ifdef INET6 ++#ifdef HAVE_IPV6 + "/usr/local/v6/etc/inet6d.conf", /* KAME */ +#endif "/private/etc/inetd.conf", /* NEXT */ "/etc/inet/inetd.conf", /* SYSV4 */ "/usr/etc/inetd.conf", /* IRIX?? */ diff -up tcp_wrappers_7.6/Makefile.patch9 tcp_wrappers_7.6/Makefile ---- tcp_wrappers_7.6/Makefile.patch9 2008-08-29 09:45:12.000000000 +0200 -+++ tcp_wrappers_7.6/Makefile 2008-08-29 09:45:12.000000000 +0200 +--- tcp_wrappers_7.6/Makefile.patch9 2013-01-25 10:53:33.891349937 +0100 ++++ tcp_wrappers_7.6/Makefile 2013-01-25 11:00:57.362801588 +0100 @@ -21,7 +21,7 @@ what: @echo " dynix epix esix freebsd hpux irix4 irix5 irix6 isc iunix" @echo " linux machten mips(untested) ncrsvr4 netbsd next osf power_unix_211" @@ -286,58 +82,49 @@ diff -up tcp_wrappers_7.6/Makefile.patch9 tcp_wrappers_7.6/Makefile @echo " uts215 uxp" @echo @echo "If none of these match your environment, edit the system" -@@ -131,20 +131,33 @@ epix: - NETGROUP=-DNETGROUP TLI= SYSTYPE="-systype bsd43" all - - # Freebsd and linux by default have no NIS. --386bsd netbsd bsdos: -+386bsd bsdos: - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ= NETGROUP= TLI= \ - EXTRA_CFLAGS=-DSYS_ERRLIST_DEFINED VSYSLOG= all +@@ -138,13 +138,25 @@ epix: freebsd: @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ + LIBS="-L/usr/local/v6/lib -linet6" \ LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ= NETGROUP= TLI= \ -- EXTRA_CFLAGS=-DSYS_ERRLIST_DEFINED VSYSLOG= all -+ EXTRA_CFLAGS="-DSYS_ERRLIST_DEFINED -DINET6 -Dss_family=__ss_family -Dss_len=__ss_len" \ -+ VSYSLOG= all +- EXTRA_CFLAGS=-DUSE_STRERROR VSYSLOG= all ++ EXTRA_CFLAGS="-DUSE_STRERROR -Dss_family=__ss_family -Dss_len=__ss_len" VSYSLOG= all + +netbsd: + @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ + LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ= NETGROUP= TLI= \ -+ EXTRA_CFLAGS="-DSYS_ERRLIST_DEFINED -DINET6 -Dss_family=__ss_family -Dss_len=__ss_len" VSYSLOG= all ++ EXTRA_CFLAGS="-DSYS_ERRLIST_DEFINED -Dss_family=__ss_family -Dss_len=__ss_len" VSYSLOG= all linux: @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ LIBS="-lnsl" RANLIB=ranlib ARFLAGS=rv AUX_OBJ= \ -- NETGROUP="-DNETGROUP" TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER" all -+ NETGROUP="-DNETGROUP" TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER -DINET6=1 -Dss_family=__ss_family -Dss_len=__ss_len" all +- NETGROUP="-DNETGROUP" TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DUSE_STRERROR -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER" all ++ NETGROUP="-DNETGROUP" TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DUSE_STRERROR -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER -Dss_family=__ss_family -Dss_len=__ss_len" all + +linux-old: + @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ + LIBS="/usr/inet6/lib/libinet6.a -lresolv" \ + RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o NETGROUP= TLI= \ -+ EXTRA_CFLAGS="-DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER -DINET6=1 -Dss_family=sin6_family -Dsockaddr_storage=sockaddr_in6 -I/usr/inet6/include" all ++ EXTRA_CFLAGS="-DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER -Dss_family=sin6_family -Dsockaddr_storage=sockaddr_in6 -I/usr/inet6/include" all # This is good for many SYSV+BSD hybrids with NIS, probably also for HP-UX 7.x. hpux hpux8 hpux9 hpux10: -@@ -196,6 +209,13 @@ sunos5: - NETGROUP=-DNETGROUP AUX_OBJ=setenv.o TLI=-DTLI \ - BUGS="$(BUGS) -DSOLARIS_24_GETHOSTBYNAME_BUG" all +@@ -197,6 +209,13 @@ sunos5: + BUGS="$(BUGS) -DSOLARIS_24_GETHOSTBYNAME_BUG" IPV6="$(IPV6)" \ + EXTRA_CFLAGS=-DUSE_STRERROR all +# SunOS 5.8 is another SYSV4 variant, but has IPv6 support +solaris8: + @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ + LIBS="-lsocket -lnsl" RANLIB=echo ARFLAGS=rv VSYSLOG= \ + NETGROUP=-DNETGROUP AUX_OBJ=setenv.o TLI=-DTLI \ -+ EXTRA_CFLAGS="-DINET6 -DNO_CLONE_DEVICE -DINT32_T" all ++ EXTRA_CFLAGS="-DNO_CLONE_DEVICE -DINT32_T" all + # Generic SYSV40 esix sysv4: @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ -@@ -391,7 +411,7 @@ AR = ar +@@ -392,7 +411,7 @@ AR = ar # the ones provided with this source distribution. The environ.c module # implements setenv(), getenv(), and putenv(). @@ -346,7 +133,7 @@ diff -up tcp_wrappers_7.6/Makefile.patch9 tcp_wrappers_7.6/Makefile #AUX_OBJ= environ.o #AUX_OBJ= environ.o strcasecmp.o -@@ -454,7 +474,7 @@ AUX_OBJ= setenv.o +@@ -455,7 +474,7 @@ AUX_OBJ= setenv.o # host name aliases. Compile with -DSOLARIS_24_GETHOSTBYNAME_BUG to work # around this. The workaround does no harm on other Solaris versions. @@ -355,13 +142,22 @@ diff -up tcp_wrappers_7.6/Makefile.patch9 tcp_wrappers_7.6/Makefile #BUGS = -DGETPEERNAME_BUG -DBROKEN_FGETS -DINET_ADDR_BUG #BUGS = -DGETPEERNAME_BUG -DBROKEN_FGETS -DSOLARIS_24_GETHOSTBYNAME_BUG -@@ -472,7 +492,7 @@ BUGS = -DGETPEERNAME_BUG -DBROKEN_FGETS +@@ -473,7 +492,7 @@ BUGS = -DGETPEERNAME_BUG -DBROKEN_FGETS # If your system supports vsyslog(), comment out the following definition. # If in doubt leave it in, it won't harm. -VSYSLOG = -Dvsyslog=myvsyslog +#VSYSLOG = -Dvsyslog=myvsyslog + ############################################################### + # System dependencies: whether or not your system has IPV6 +@@ -485,7 +504,7 @@ VSYSLOG = -Dvsyslog=myvsyslog + + # If your system does not have getipnodebyname() but uses the obsolete + # gethostbyname2() instead, use this (AIX) +-# IPV6 = -DHAVE_IPV6 -DUSE_GETHOSTBYNAME2 ++IPV6 = -DHAVE_IPV6 -DUSE_GETHOSTBYNAME2 + # End of the system dependencies. ################################# diff -up tcp_wrappers_7.6/misc.c.patch9 tcp_wrappers_7.6/misc.c @@ -371,7 +167,7 @@ diff -up tcp_wrappers_7.6/misc.c.patch9 tcp_wrappers_7.6/misc.c { char *cp; -+#ifdef INET6 ++#ifdef HAVE_IPV6 + int bracket = 0; + + for (cp = string; cp && *cp; cp++) { @@ -406,7 +202,7 @@ diff -up tcp_wrappers_7.6/refuse.c.patch9 tcp_wrappers_7.6/refuse.c void refuse(request) struct request_info *request; { -+#ifdef INET6 ++#ifdef HAVE_IPV6 + syslog(deny_severity, "refused connect from %s (%s)", + eval_client(request), eval_hostaddr(request->client)); +#else @@ -416,613 +212,21 @@ diff -up tcp_wrappers_7.6/refuse.c.patch9 tcp_wrappers_7.6/refuse.c /* NOTREACHED */ } diff -up tcp_wrappers_7.6/rfc931.c.patch9 tcp_wrappers_7.6/rfc931.c ---- tcp_wrappers_7.6/rfc931.c.patch9 1995-01-02 16:11:34.000000000 +0100 -+++ tcp_wrappers_7.6/rfc931.c 2008-08-29 09:45:12.000000000 +0200 -@@ -68,20 +68,50 @@ int sig; - /* rfc931 - return remote user name, given socket structures */ - - void rfc931(rmt_sin, our_sin, dest) -+#ifdef INET6 -+struct sockaddr *rmt_sin; -+struct sockaddr *our_sin; -+#else - struct sockaddr_in *rmt_sin; - struct sockaddr_in *our_sin; -+#endif - char *dest; - { - unsigned rmt_port; - unsigned our_port; -+#ifdef INET6 -+ struct sockaddr_storage rmt_query_sin; -+ struct sockaddr_storage our_query_sin; -+ int alen; -+#else - struct sockaddr_in rmt_query_sin; - struct sockaddr_in our_query_sin; -+#endif - char user[256]; /* XXX */ - char buffer[512]; /* XXX */ - char *cp; - char *result = unknown; - FILE *fp; - -+#ifdef INET6 -+ /* address family must be the same */ -+ if (rmt_sin->sa_family != our_sin->sa_family) { -+ STRN_CPY(dest, result, STRING_LENGTH); -+ return; -+ } -+ switch (our_sin->sa_family) { -+ case AF_INET: -+ alen = sizeof(struct sockaddr_in); -+ break; -+ case AF_INET6: -+ alen = sizeof(struct sockaddr_in6); -+ break; -+ default: -+ STRN_CPY(dest, result, STRING_LENGTH); -+ return; -+ } -+#endif -+ - /* - * Use one unbuffered stdio stream for writing to and for reading from - * the RFC931 etc. server. This is done because of a bug in the SunOS -@@ -92,7 +122,11 @@ char *dest; +--- tcp_wrappers_7.6/rfc931.c.patch9 2004-05-04 16:01:01.000000000 +0200 ++++ tcp_wrappers_7.6/rfc931.c 2013-01-25 11:08:26.690292897 +0100 +@@ -94,6 +94,12 @@ char *dest; * sockets. */ -+#ifdef INET6 -+ if ((fp = fsocket(our_sin->sa_family, SOCK_STREAM, 0)) != 0) { -+#else - if ((fp = fsocket(AF_INET, SOCK_STREAM, 0)) != 0) { -+#endif ++ /* address family must be the same */ ++ if (SGFAM(rmt_sin) != SGFAM(our_sin)) { ++ STRN_CPY(dest, result, STRING_LENGTH); ++ return; ++ } ++ + if ((fp = fsocket(SGFAM(rmt_sin), SOCK_STREAM, 0)) != 0) { setbuf(fp, (char *) 0); - /* -@@ -112,6 +146,25 @@ char *dest; - * addresses from the query socket. - */ - -+#ifdef INET6 -+ memcpy(&our_query_sin, our_sin, alen); -+ memcpy(&rmt_query_sin, rmt_sin, alen); -+ switch (our_sin->sa_family) { -+ case AF_INET: -+ ((struct sockaddr_in *)&our_query_sin)->sin_port = htons(ANY_PORT); -+ ((struct sockaddr_in *)&rmt_query_sin)->sin_port = htons(RFC931_PORT); -+ break; -+ case AF_INET6: -+ ((struct sockaddr_in6 *)&our_query_sin)->sin6_port = htons(ANY_PORT); -+ ((struct sockaddr_in6 *)&rmt_query_sin)->sin6_port = htons(RFC931_PORT); -+ break; -+ } -+ -+ if (bind(fileno(fp), (struct sockaddr *) & our_query_sin, -+ alen) >= 0 && -+ connect(fileno(fp), (struct sockaddr *) & rmt_query_sin, -+ alen) >= 0) { -+#else - our_query_sin = *our_sin; - our_query_sin.sin_port = htons(ANY_PORT); - rmt_query_sin = *rmt_sin; -@@ -121,6 +174,7 @@ char *dest; - sizeof(our_query_sin)) >= 0 && - connect(fileno(fp), (struct sockaddr *) & rmt_query_sin, - sizeof(rmt_query_sin)) >= 0) { -+#endif - - /* - * Send query to server. Neglect the risk that a 13-byte -@@ -129,8 +183,13 @@ char *dest; - */ - - fprintf(fp, "%u,%u\r\n", -+#ifdef INET6 -+ ntohs(((struct sockaddr_in *)rmt_sin)->sin_port), -+ ntohs(((struct sockaddr_in *)our_sin)->sin_port)); -+#else - ntohs(rmt_sin->sin_port), - ntohs(our_sin->sin_port)); -+#endif - fflush(fp); - - /* -@@ -144,8 +203,13 @@ char *dest; - && ferror(fp) == 0 && feof(fp) == 0 - && sscanf(buffer, "%u , %u : USERID :%*[^:]:%255s", - &rmt_port, &our_port, user) == 3 -+#ifdef INET6 -+ && ntohs(((struct sockaddr_in *)rmt_sin)->sin_port) == rmt_port -+ && ntohs(((struct sockaddr_in *)our_sin)->sin_port) == our_port) { -+#else - && ntohs(rmt_sin->sin_port) == rmt_port - && ntohs(our_sin->sin_port) == our_port) { -+#endif - - /* - * Strip trailing carriage return. It is part of the -diff -up tcp_wrappers_7.6/scaffold.c.patch9 tcp_wrappers_7.6/scaffold.c ---- tcp_wrappers_7.6/scaffold.c.patch9 1997-03-21 19:27:24.000000000 +0100 -+++ tcp_wrappers_7.6/scaffold.c 2008-08-29 09:45:12.000000000 +0200 -@@ -25,7 +25,9 @@ static char sccs_id[] = "@(#) scaffold.c - #define INADDR_NONE (-1) /* XXX should be 0xffffffff */ - #endif - -+#ifndef INET6 - extern char *malloc(); -+#endif - - /* Application-specific. */ - -@@ -39,6 +41,7 @@ int allow_severity = SEVERITY; - int deny_severity = LOG_WARNING; - int rfc931_timeout = RFC931_TIMEOUT; - -+#ifndef INET6 - /* dup_hostent - create hostent in one memory block */ - - static struct hostent *dup_hostent(hp) -@@ -73,9 +76,46 @@ struct hostent *hp; - } - return (&hb->host); - } -+#endif - - /* find_inet_addr - find all addresses for this host, result to free() */ - -+#ifdef INET6 -+struct addrinfo *find_inet_addr(host) -+char *host; -+{ -+ struct addrinfo hints, *res; -+ -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_family = PF_UNSPEC; -+ hints.ai_socktype = SOCK_STREAM; -+ hints.ai_flags = AI_PASSIVE | AI_NUMERICHOST; -+ if (getaddrinfo(host, NULL, &hints, &res) == 0) -+ return (res); -+ -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_family = PF_UNSPEC; -+ hints.ai_socktype = SOCK_STREAM; -+ hints.ai_flags = AI_PASSIVE | AI_CANONNAME; -+ if (getaddrinfo(host, NULL, &hints, &res) != 0) { -+ tcpd_warn("%s: host not found", host); -+ return (0); -+ } -+ if (res->ai_family != AF_INET6 && res->ai_family != AF_INET) { -+ tcpd_warn("%d: not an internet host", res->ai_family); -+ freeaddrinfo(res); -+ return (0); -+ } -+ if (!res->ai_canonname) { -+ tcpd_warn("%s: hostname alias", host); -+ tcpd_warn("(cannot obtain official name)", res->ai_canonname); -+ } else if (STR_NE(host, res->ai_canonname)) { -+ tcpd_warn("%s: hostname alias", host); -+ tcpd_warn("(official name: %.*s)", STRING_LENGTH, res->ai_canonname); -+ } -+ return (res); -+} -+#else - struct hostent *find_inet_addr(host) - char *host; - { -@@ -118,6 +158,7 @@ char *host; - } - return (dup_hostent(hp)); - } -+#endif - - /* check_dns - give each address thorough workout, return address count */ - -@@ -125,8 +166,13 @@ int check_dns(host) - char *host; - { - struct request_info request; -+#ifdef INET6 -+ struct sockaddr_storage sin; -+ struct addrinfo *hp, *res; -+#else - struct sockaddr_in sin; - struct hostent *hp; -+#endif - int count; - char *addr; - -@@ -134,11 +180,18 @@ char *host; - return (0); - request_init(&request, RQ_CLIENT_SIN, &sin, 0); - sock_methods(&request); -+#ifndef INET6 - memset((char *) &sin, 0, sizeof(sin)); - sin.sin_family = AF_INET; -+#endif - -+#ifdef INET6 -+ for (res = hp, count = 0; res; res = res->ai_next, count++) { -+ memcpy(&sin, res->ai_addr, res->ai_addrlen); -+#else - for (count = 0; (addr = hp->h_addr_list[count]) != 0; count++) { - memcpy((char *) &sin.sin_addr, addr, sizeof(sin.sin_addr)); -+#endif - - /* - * Force host name and address conversions. Use the request structure -@@ -151,7 +204,11 @@ char *host; - tcpd_warn("host address %s->name lookup failed", - eval_hostaddr(request.client)); - } -+#ifdef INET6 -+ freeaddrinfo(hp); -+#else - free((char *) hp); -+#endif - return (count); - } - -diff -up tcp_wrappers_7.6/scaffold.h.patch9 tcp_wrappers_7.6/scaffold.h ---- tcp_wrappers_7.6/scaffold.h.patch9 1994-12-31 18:19:20.000000000 +0100 -+++ tcp_wrappers_7.6/scaffold.h 2008-08-29 09:45:12.000000000 +0200 -@@ -4,6 +4,10 @@ - * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands. - */ - -+#ifdef INET6 -+extern struct addrinfo *find_inet_addr(); -+#else - extern struct hostent *find_inet_addr(); -+#endif - extern int check_dns(); - extern int check_path(); -diff -up tcp_wrappers_7.6/socket.c.patch9 tcp_wrappers_7.6/socket.c ---- tcp_wrappers_7.6/socket.c.patch9 2008-08-29 09:45:12.000000000 +0200 -+++ tcp_wrappers_7.6/socket.c 2008-08-29 09:45:12.000000000 +0200 -@@ -24,13 +24,22 @@ static char sccsid[] = "@(#) socket.c 1. - #include - #include - #include -+#ifdef INT32_T -+typedef uint32_t u_int32_t; -+#endif - #include - #include - #include - #include - #include - -+#ifdef INET6 -+#ifndef NI_WITHSCOPEID -+#define NI_WITHSCOPEID 0 -+#endif -+#else - extern char *inet_ntoa(); -+#endif - - /* Local stuff. */ - -@@ -79,8 +88,13 @@ char *name; - void sock_host(request) - struct request_info *request; - { -+#ifdef INET6 -+ static struct sockaddr_storage client; -+ static struct sockaddr_storage server; -+#else - static struct sockaddr_in client; - static struct sockaddr_in server; -+#endif - int len; - char buf[BUFSIZ]; - int fd = request->fd; -@@ -109,7 +123,11 @@ struct request_info *request; - memset(buf, 0 sizeof(buf)); - #endif - } -+#ifdef INET6 -+ request->client->sin = (struct sockaddr *)&client; -+#else - request->client->sin = &client; -+#endif - - /* - * Determine the server binding. This is used for client username -@@ -122,7 +140,11 @@ struct request_info *request; - tcpd_warn("getsockname: %m"); - return; - } -+#ifdef INET6 -+ request->server->sin = (struct sockaddr *)&server; -+#else - request->server->sin = &server; -+#endif - } - - /* sock_hostaddr - map endpoint address to printable form */ -@@ -130,10 +152,26 @@ struct request_info *request; - void sock_hostaddr(host) - struct host_info *host; - { -+#ifdef INET6 -+ struct sockaddr *sin = host->sin; -+ int salen; -+ -+ if (!sin) -+ return; -+#ifdef SIN6_LEN -+ salen = sin->sa_len; -+#else -+ salen = (sin->sa_family == AF_INET) ? sizeof(struct sockaddr_in) -+ : sizeof(struct sockaddr_in6); -+#endif -+ getnameinfo(sin, salen, host->addr, sizeof(host->addr), -+ NULL, 0, NI_NUMERICHOST | NI_WITHSCOPEID); -+#else - struct sockaddr_in *sin = host->sin; - - if (sin != 0) - STRN_CPY(host->addr, inet_ntoa(sin->sin_addr), sizeof(host->addr)); -+#endif - } - - /* sock_hostname - map endpoint address to host name */ -@@ -141,6 +179,160 @@ struct host_info *host; - void sock_hostname(host) - struct host_info *host; - { -+#ifdef INET6 -+ struct sockaddr *sin = host->sin; -+ struct sockaddr_in sin4; -+ struct addrinfo hints, *res, *res0 = NULL; -+ int salen, alen, err = 1; -+ char *ap = NULL, *rap, hname[NI_MAXHOST]; -+ -+ if (sin != NULL) { -+ if (sin->sa_family == AF_INET6) { -+ struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sin; -+ -+ if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) { -+ memset(&sin4, 0, sizeof(sin4)); -+#ifdef SIN6_LEN -+ sin4.sin_len = sizeof(sin4); -+#endif -+ sin4.sin_family = AF_INET; -+ sin4.sin_port = sin6->sin6_port; -+ sin4.sin_addr.s_addr = *(u_int32_t *)&sin6->sin6_addr.s6_addr[12]; -+ sin = (struct sockaddr *)&sin4; -+ } -+ } -+ switch (sin->sa_family) { -+ case AF_INET: -+ ap = (char *)&((struct sockaddr_in *)sin)->sin_addr; -+ alen = sizeof(struct in_addr); -+ salen = sizeof(struct sockaddr_in); -+ break; -+ case AF_INET6: -+ ap = (char *)&((struct sockaddr_in6 *)sin)->sin6_addr; -+ alen = sizeof(struct in6_addr); -+ salen = sizeof(struct sockaddr_in6); -+ break; -+ default: -+ break; -+ } -+ if (ap) -+ err = getnameinfo(sin, salen, hname, sizeof(hname), -+ NULL, 0, NI_WITHSCOPEID | NI_NAMEREQD); -+ } -+ if (!err) { -+ -+ STRN_CPY(host->name, hname, sizeof(host->name)); -+ -+ /* reject numeric addresses */ -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_family = sin->sa_family; -+ hints.ai_socktype = SOCK_STREAM; -+ hints.ai_flags = AI_PASSIVE | AI_CANONNAME | AI_NUMERICHOST; -+ if ((err = getaddrinfo(host->name, NULL, &hints, &res0) == 0)) { -+ freeaddrinfo(res0); -+ res0 = NULL; -+ tcpd_warn("host name/name mismatch: " -+ "reverse lookup results in non-FQDN %s", -+ host->name); -+ strcpy(host->name, paranoid); /* name is bad, clobber it */ -+ } -+ err = !err; -+ } -+ if (!err) { -+ /* we are now sure that this is non-numeric */ -+ -+ /* -+ * Verify that the address is a member of the address list returned -+ * by gethostbyname(hostname). -+ * -+ * Verify also that gethostbyaddr() and gethostbyname() return the same -+ * hostname, or rshd and rlogind may still end up being spoofed. -+ * -+ * On some sites, gethostbyname("localhost") returns "localhost.domain". -+ * This is a DNS artefact. We treat it as a special case. When we -+ * can't believe the address list from gethostbyname("localhost") -+ * we're in big trouble anyway. -+ */ -+ -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_family = sin->sa_family; -+ hints.ai_socktype = SOCK_STREAM; -+ hints.ai_flags = AI_PASSIVE | AI_CANONNAME; -+ if (getaddrinfo(host->name, NULL, &hints, &res0) != 0) { -+ -+ /* -+ * Unable to verify that the host name matches the address. This -+ * may be a transient problem or a botched name server setup. -+ */ -+ -+ tcpd_warn("can't verify hostname: getaddrinfo(%s, %s) failed", -+ host->name, -+ (sin->sa_family == AF_INET) ? "AF_INET" : "AF_INET6"); -+ -+ } else if ((res0->ai_canonname == NULL -+ || STR_NE(host->name, res0->ai_canonname)) -+ && STR_NE(host->name, "localhost")) { -+ -+ /* -+ * The gethostbyaddr() and gethostbyname() calls did not return -+ * the same hostname. This could be a nameserver configuration -+ * problem. It could also be that someone is trying to spoof us. -+ */ -+ -+ tcpd_warn("host name/name mismatch: %s != %.*s", -+ host->name, STRING_LENGTH, -+ (res0->ai_canonname == NULL) ? "" : res0->ai_canonname); -+ -+ } else { -+ -+ /* -+ * The address should be a member of the address list returned by -+ * gethostbyname(). We should first verify that the h_addrtype -+ * field is AF_INET, but this program has already caused too much -+ * grief on systems with broken library code. -+ */ -+ -+ for (res = res0; res; res = res->ai_next) { -+ if (res->ai_family != sin->sa_family) -+ continue; -+ switch (res->ai_family) { -+ case AF_INET: -+ rap = (char *)&((struct sockaddr_in *)res->ai_addr)->sin_addr; -+ break; -+ case AF_INET6: -+ /* need to check scope_id */ -+ if (((struct sockaddr_in6 *)sin)->sin6_scope_id != -+ ((struct sockaddr_in6 *)res->ai_addr)->sin6_scope_id) { -+ continue; -+ } -+ rap = (char *)&((struct sockaddr_in6 *)res->ai_addr)->sin6_addr; -+ break; -+ default: -+ continue; -+ } -+ if (memcmp(rap, ap, alen) == 0) { -+ freeaddrinfo(res0); -+ return; /* name is good, keep it */ -+ } -+ } -+ -+ /* -+ * The host name does not map to the initial address. Perhaps -+ * someone has messed up. Perhaps someone compromised a name -+ * server. -+ */ -+ -+ getnameinfo(sin, salen, hname, sizeof(hname), -+ NULL, 0, NI_NUMERICHOST | NI_WITHSCOPEID); -+ tcpd_warn("host name/address mismatch: %s != %.*s", -+ hname, STRING_LENGTH, -+ (res0->ai_canonname == NULL) ? "" : res0->ai_canonname); -+ } -+ strcpy(host->name, paranoid); /* name is bad, clobber it */ -+ if (res0) -+ freeaddrinfo(res0); -+ } -+#else /* INET6 */ - struct sockaddr_in *sin = host->sin; - struct hostent *hp; - int i; -@@ -220,6 +412,7 @@ struct host_info *host; - } - strcpy(host->name, paranoid); /* name is bad, clobber it */ - } -+#endif /* INET6 */ - } - - /* sock_sink - absorb unreceived IP datagram */ -@@ -228,7 +421,11 @@ static void sock_sink(fd) - int fd; - { - char buf[BUFSIZ]; -+#ifdef INET6 -+ struct sockaddr_storage sin; -+#else - struct sockaddr_in sin; -+#endif - int size = sizeof(sin); - - /* -diff -up tcp_wrappers_7.6/tcpdchk.c.patch9 tcp_wrappers_7.6/tcpdchk.c ---- tcp_wrappers_7.6/tcpdchk.c.patch9 1997-02-12 02:13:25.000000000 +0100 -+++ tcp_wrappers_7.6/tcpdchk.c 2008-08-29 09:45:12.000000000 +0200 -@@ -22,6 +22,9 @@ static char sccsid[] = "@(#) tcpdchk.c 1 - - #include - #include -+#ifdef INET6 -+#include -+#endif - #include - #include - #include -@@ -397,6 +400,31 @@ char *pat; - } - } - -+#ifdef INET6 -+static int is_inet6_addr(pat) -+ char *pat; -+{ -+ struct addrinfo hints, *res; -+ int len, ret; -+ char ch; -+ -+ if (*pat != '[') -+ return (0); -+ len = strlen(pat); -+ if ((ch = pat[len - 1]) != ']') -+ return (0); -+ pat[len - 1] = '\0'; -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_family = AF_INET6; -+ hints.ai_socktype = SOCK_STREAM; -+ hints.ai_flags = AI_PASSIVE | AI_NUMERICHOST; -+ if ((ret = getaddrinfo(pat + 1, NULL, &hints, &res)) == 0) -+ freeaddrinfo(res); -+ pat[len - 1] = ch; -+ return (ret == 0); -+} -+#endif -+ - /* check_host - criticize host pattern */ - - static int check_host(pat) -@@ -423,14 +451,27 @@ char *pat; - #endif - #endif - } else if (mask = split_at(pat, '/')) { /* network/netmask */ -+#ifdef INET6 -+ int mask_len; -+ -+ if ((dot_quad_addr(pat) == INADDR_NONE -+ || dot_quad_addr(mask) == INADDR_NONE) -+ && (!is_inet6_addr(pat) -+ || ((mask_len = atoi(mask)) < 0 || mask_len > 128))) -+#else - if (dot_quad_addr(pat) == INADDR_NONE - || dot_quad_addr(mask) == INADDR_NONE) -+#endif - tcpd_warn("%s/%s: bad net/mask pattern", pat, mask); - } else if (STR_EQ(pat, "FAIL")) { /* obsolete */ - tcpd_warn("FAIL is no longer recognized"); - tcpd_warn("(use EXCEPT or DENY instead)"); - } else if (reserved_name(pat)) { /* other reserved */ - /* void */ ; -+#ifdef INET6 -+ } else if (is_inet6_addr(pat)) { /* IPv6 address */ -+ addr_count = 1; -+#endif - } else if (NOT_INADDR(pat)) { /* internet name */ - if (pat[strlen(pat) - 1] == '.') { - tcpd_warn("%s: domain or host name ends in dot", pat); diff -up tcp_wrappers_7.6/tcpd.c.patch9 tcp_wrappers_7.6/tcpd.c --- tcp_wrappers_7.6/tcpd.c.patch9 2008-08-29 09:45:12.000000000 +0200 +++ tcp_wrappers_7.6/tcpd.c 2008-08-29 09:45:12.000000000 +0200 @@ -1030,7 +234,7 @@ diff -up tcp_wrappers_7.6/tcpd.c.patch9 tcp_wrappers_7.6/tcpd.c /* Report request and invoke the real daemon program. */ -+#ifdef INET6 ++#ifdef HAVE_IPV6 + syslog(allow_severity, "connect from %s (%s)", + eval_client(&request), eval_hostaddr(request.client)); +#else @@ -1039,230 +243,6 @@ diff -up tcp_wrappers_7.6/tcpd.c.patch9 tcp_wrappers_7.6/tcpd.c closelog(); (void) execv(path, argv); syslog(LOG_ERR, "error: cannot execute %s: %m", path); -diff -up tcp_wrappers_7.6/tcpd.h.patch9 tcp_wrappers_7.6/tcpd.h ---- tcp_wrappers_7.6/tcpd.h.patch9 1996-03-19 16:22:25.000000000 +0100 -+++ tcp_wrappers_7.6/tcpd.h 2008-08-29 09:45:12.000000000 +0200 -@@ -11,7 +11,11 @@ - struct host_info { - char name[STRING_LENGTH]; /* access via eval_hostname(host) */ - char addr[STRING_LENGTH]; /* access via eval_hostaddr(host) */ -+#ifdef INET6 -+ struct sockaddr *sin; /* socket address or 0 */ -+#else - struct sockaddr_in *sin; /* socket address or 0 */ -+#endif - struct t_unitdata *unit; /* TLI transport address or 0 */ - struct request_info *request; /* for shared information */ - }; -diff -up tcp_wrappers_7.6/tcpdmatch.c.patch9 tcp_wrappers_7.6/tcpdmatch.c ---- tcp_wrappers_7.6/tcpdmatch.c.patch9 1996-02-11 17:01:36.000000000 +0100 -+++ tcp_wrappers_7.6/tcpdmatch.c 2008-08-29 09:45:12.000000000 +0200 -@@ -57,7 +57,11 @@ int main(argc, argv) - int argc; - char **argv; - { -+#ifdef INET6 -+ struct addrinfo hints, *hp, *res; -+#else - struct hostent *hp; -+#endif - char *myname = argv[0]; - char *client; - char *server; -@@ -68,8 +72,13 @@ char **argv; - int ch; - char *inetcf = 0; - int count; -+#ifdef INET6 -+ struct sockaddr_storage server_sin; -+ struct sockaddr_storage client_sin; -+#else - struct sockaddr_in server_sin; - struct sockaddr_in client_sin; -+#endif - struct stat st; - - /* -@@ -172,13 +181,20 @@ char **argv; - if (NOT_INADDR(server) == 0 || HOSTNAME_KNOWN(server)) { - if ((hp = find_inet_addr(server)) == 0) - exit(1); -+#ifndef INET6 - memset((char *) &server_sin, 0, sizeof(server_sin)); - server_sin.sin_family = AF_INET; -+#endif - request_set(&request, RQ_SERVER_SIN, &server_sin, 0); - -+#ifdef INET6 -+ for (res = hp, count = 0; res; res = res->ai_next, count++) { -+ memcpy(&server_sin, res->ai_addr, res->ai_addrlen); -+#else - for (count = 0; (addr = hp->h_addr_list[count]) != 0; count++) { - memcpy((char *) &server_sin.sin_addr, addr, - sizeof(server_sin.sin_addr)); -+#endif - - /* - * Force evaluation of server host name and address. Host name -@@ -194,7 +210,11 @@ char **argv; - fprintf(stderr, "Please specify an address instead\n"); - exit(1); - } -+#ifdef INET6 -+ freeaddrinfo(hp); -+#else - free((char *) hp); -+#endif - } else { - request_set(&request, RQ_SERVER_NAME, server, 0); - } -@@ -208,6 +228,18 @@ char **argv; - tcpdmatch(&request); - exit(0); - } -+#ifdef INET6 -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_family = AF_INET6; -+ hints.ai_socktype = SOCK_STREAM; -+ hints.ai_flags = AI_PASSIVE | AI_NUMERICHOST; -+ if (getaddrinfo(client, NULL, &hints, &res) == 0) { -+ freeaddrinfo(res); -+ request_set(&request, RQ_CLIENT_ADDR, client, 0); -+ tcpdmatch(&request); -+ exit(0); -+ } -+#endif - - /* - * Perhaps they are testing special client hostname patterns that aren't -@@ -229,6 +261,34 @@ char **argv; - */ - if ((hp = find_inet_addr(client)) == 0) - exit(1); -+#ifdef INET6 -+ request_set(&request, RQ_CLIENT_SIN, &client_sin, 0); -+ -+ for (res = hp, count = 0; res; res = res->ai_next, count++) { -+ memcpy(&client_sin, res->ai_addr, res->ai_addrlen); -+ -+ /* -+ * getnameinfo() doesn't do reverse lookup against link-local -+ * address. So, we pass through host name evaluation against -+ * such addresses. -+ */ -+ if (res->ai_family != AF_INET6 || -+ !IN6_IS_ADDR_LINKLOCAL(&((struct sockaddr_in6 *)res->ai_addr)->sin6_addr)) { -+ /* -+ * Force evaluation of client host name and address. Host name -+ * conflicts will be reported while eval_hostname() does its job. -+ */ -+ request_set(&request, RQ_CLIENT_NAME, "", RQ_CLIENT_ADDR, "", 0); -+ if (STR_EQ(eval_hostname(request.client), unknown)) -+ tcpd_warn("host address %s->name lookup failed", -+ eval_hostaddr(request.client)); -+ } -+ tcpdmatch(&request); -+ if (res->ai_next) -+ printf("\n"); -+ } -+ freeaddrinfo(hp); -+#else - memset((char *) &client_sin, 0, sizeof(client_sin)); - client_sin.sin_family = AF_INET; - request_set(&request, RQ_CLIENT_SIN, &client_sin, 0); -@@ -250,6 +310,7 @@ char **argv; - printf("\n"); - } - free((char *) hp); -+#endif - exit(0); - } - -diff -up tcp_wrappers_7.6/tli.c.patch9 tcp_wrappers_7.6/tli.c ---- tcp_wrappers_7.6/tli.c.patch9 1997-03-21 19:27:26.000000000 +0100 -+++ tcp_wrappers_7.6/tli.c 2008-08-29 09:45:12.000000000 +0200 -@@ -65,8 +65,13 @@ static void tli_sink(); - void tli_host(request) - struct request_info *request; - { -+#ifdef INET6 -+ static struct sockaddr_storage client; -+ static struct sockaddr_storage server; -+#else - static struct sockaddr_in client; - static struct sockaddr_in server; -+#endif - - /* - * If we discover that we are using an IP transport, pretend we never -@@ -76,14 +81,29 @@ struct request_info *request; - - tli_endpoints(request); - if ((request->config = tli_transport(request->fd)) != 0 -+#ifdef INET6 -+ && (STR_EQ(request->config->nc_protofmly, "inet") || -+ STR_EQ(request->config->nc_protofmly, "inet6"))) { -+#else - && STR_EQ(request->config->nc_protofmly, "inet")) { -+#endif - if (request->client->unit != 0) { -+#ifdef INET6 -+ client = *(struct sockaddr_storage *) request->client->unit->addr.buf; -+ request->client->sin = (struct sockaddr *) &client; -+#else - client = *(struct sockaddr_in *) request->client->unit->addr.buf; - request->client->sin = &client; -+#endif - } - if (request->server->unit != 0) { -+#ifdef INET6 -+ server = *(struct sockaddr_storage *) request->server->unit->addr.buf; -+ request->server->sin = (struct sockaddr *) &server; -+#else - server = *(struct sockaddr_in *) request->server->unit->addr.buf; - request->server->sin = &server; -+#endif - } - tli_cleanup(request); - sock_methods(request); -@@ -187,7 +207,15 @@ int fd; - } - while (config = getnetconfig(handlep)) { - if (stat(config->nc_device, &from_config) == 0) { -+#ifdef NO_CLONE_DEVICE -+ /* -+ * If the network devices are not cloned (as is the case for -+ * Solaris 8 Beta), we must compare the major device numbers. -+ */ -+ if (major(from_config.st_rdev) == major(from_client.st_rdev)) -+#else - if (minor(from_config.st_rdev) == major(from_client.st_rdev)) -+#endif - break; - } - } -diff -up tcp_wrappers_7.6/update.c.patch9 tcp_wrappers_7.6/update.c ---- tcp_wrappers_7.6/update.c.patch9 1994-12-28 17:42:56.000000000 +0100 -+++ tcp_wrappers_7.6/update.c 2008-08-29 09:45:12.000000000 +0200 -@@ -46,10 +46,18 @@ va_list ap; - request->fd = va_arg(ap, int); - continue; - case RQ_CLIENT_SIN: -+#ifdef INET6 -+ request->client->sin = va_arg(ap, struct sockaddr *); -+#else - request->client->sin = va_arg(ap, struct sockaddr_in *); -+#endif - continue; - case RQ_SERVER_SIN: -+#ifdef INET6 -+ request->server->sin = va_arg(ap, struct sockaddr *); -+#else - request->server->sin = va_arg(ap, struct sockaddr_in *); -+#endif - continue; - - /* diff -up tcp_wrappers_7.6/workarounds.c.patch9 tcp_wrappers_7.6/workarounds.c --- tcp_wrappers_7.6/workarounds.c.patch9 1996-03-19 16:22:26.000000000 +0100 +++ tcp_wrappers_7.6/workarounds.c 2008-08-29 09:45:12.000000000 +0200 @@ -1270,14 +250,14 @@ diff -up tcp_wrappers_7.6/workarounds.c.patch9 tcp_wrappers_7.6/workarounds.c int *len; { int ret; -+#ifdef INET6 ++#ifdef HAVE_IPV6 + struct sockaddr *sin = sa; +#else struct sockaddr_in *sin = (struct sockaddr_in *) sa; +#endif if ((ret = getpeername(sock, sa, len)) >= 0 -+#ifdef INET6 ++#ifdef HAVE_IPV6 + && ((sin->su_si.si_family == AF_INET6 + && IN6_IS_ADDR_UNSPECIFIED(&sin->su_sin6.sin6_addr)) + || (sin->su_si.si_family == AF_INET diff --git a/tcp_wrappers_7.6-249430.patch b/tcp_wrappers_7.6-249430.patch index 0ff6fcb..e4b26c6 100644 --- a/tcp_wrappers_7.6-249430.patch +++ b/tcp_wrappers_7.6-249430.patch @@ -1,7 +1,7 @@ diff -up tcp_wrappers_7.6/hosts_access.c.patch22 tcp_wrappers_7.6/hosts_access.c --- tcp_wrappers_7.6/hosts_access.c.patch22 2008-08-29 09:45:12.000000000 +0200 +++ tcp_wrappers_7.6/hosts_access.c 2008-08-29 09:45:12.000000000 +0200 -@@ -426,7 +426,9 @@ char *string; +@@ -419,7 +419,9 @@ char *string; if ((addr = dot_quad_addr(string)) == INADDR_NONE) return (NO); if ((net = dot_quad_addr(net_tok)) == INADDR_NONE @@ -9,6 +9,6 @@ diff -up tcp_wrappers_7.6/hosts_access.c.patch22 tcp_wrappers_7.6/hosts_access.c + || ((mask = dot_quad_addr(mask_tok)) == INADDR_NONE + && strcmp(mask_tok, "255.255.255.255"))) { + /* 255.255.255.255 == INADDR_NONE, separate check needed. TJ. */ - #ifndef INET6 tcpd_warn("bad net/mask expression: %s/%s", net_tok, mask_tok); - #endif + return (NO); /* not tcpd_jump() */ + } diff --git a/tcpw7.2-config.patch b/tcpw7.2-config.patch index 76d37fd..b612076 100644 --- a/tcpw7.2-config.patch +++ b/tcpw7.2-config.patch @@ -14,8 +14,8 @@ diff -up tcp_wrappers_7.6/Makefile.patch1 tcp_wrappers_7.6/Makefile linux: @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o \ -- NETGROUP= TLI= EXTRA_CFLAGS="-DBROKEN_SO_LINGER" all -+ NETGROUP= TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER" all +- NETGROUP= TLI= EXTRA_CFLAGS="-DBROKEN_SO_LINGER -DUSE_STRERROR" all ++ NETGROUP= TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DUSE_STRERROR -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER" all # This is good for many SYSV+BSD hybrids with NIS, probably also for HP-UX 7.x. hpux hpux8 hpux9 hpux10: diff --git a/tcpw7.2-setenv.patch b/tcpw7.2-setenv.patch index e8ee8ad..b855944 100644 --- a/tcpw7.2-setenv.patch +++ b/tcpw7.2-setenv.patch @@ -7,6 +7,6 @@ diff -up tcp_wrappers_7.6/Makefile.patch2 tcp_wrappers_7.6/Makefile @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o \ + LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ= \ - NETGROUP= TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER" all + NETGROUP= TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DUSE_STRERROR -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER" all # This is good for many SYSV+BSD hybrids with NIS, probably also for HP-UX 7.x. diff --git a/tcpw7.6-netgroup.patch b/tcpw7.6-netgroup.patch index f63e48b..239b6ed 100644 --- a/tcpw7.6-netgroup.patch +++ b/tcpw7.6-netgroup.patch @@ -6,9 +6,9 @@ diff -up tcp_wrappers_7.6/Makefile.patch3 tcp_wrappers_7.6/Makefile linux: @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ - LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ= \ -- NETGROUP= TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER" all +- NETGROUP= TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DUSE_STRERROR -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER" all + LIBS="-lnsl" RANLIB=ranlib ARFLAGS=rv AUX_OBJ= \ -+ NETGROUP="-DNETGROUP" TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER" all ++ NETGROUP="-DNETGROUP" TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DUSE_STRERROR -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER" all # This is good for many SYSV+BSD hybrids with NIS, probably also for HP-UX 7.x. hpux hpux8 hpux9 hpux10: