auto-import changelog data from tcp_wrappers-7.6-34.src.rpm
Sun Feb 16 2003 Florian La Roche <Florian.LaRoche@redhat.de> - use strerror #84312 Tue Feb 11 2003 Harald Hoyer <harald@redhat.de> 7.6-33 - revert Nalins weak version - link libwrap.so against libnsl, on which it depends Mon Feb 10 2003 Nalin Dahyabhai <nalin@redhat.com> 7.6-32 - link libwrap.so against libnsl, on which it depends - add default (weak) versions of allow_severity and deny_severity to the shared library so that configure tests can find it correctly Mon Feb 10 2003 Harald Hoyer <harald@redhat.de> 7.6-29 - shared library generated and added #75494 - added security patch tcp_wrappers-7.6-sig.patch - compile and link with -fPIC -DPIC Wed Jan 22 2003 Tim Powers <timp@redhat.com> - rebuilt Tue Jan 07 2003 Jeff Johnson <jbj@redhat.com> 7.6-25 - don't include -debuginfo files in package. Tue Nov 19 2002 Tim Powers <timp@redhat.com> - rebuild on all arches
This commit is contained in:
parent
d6dccbb3cb
commit
f791644d6d
252
tcp_wrappers-7.6-shared.patch
Normal file
252
tcp_wrappers-7.6-shared.patch
Normal file
@ -0,0 +1,252 @@
|
||||
--- tcp_wrappers_7.6/Makefile.shared 2003-02-10 20:12:26.000000000 +0100
|
||||
+++ tcp_wrappers_7.6/Makefile 2003-02-10 20:14:05.000000000 +0100
|
||||
@@ -150,8 +150,8 @@
|
||||
|
||||
linux:
|
||||
@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
|
||||
- LIBS="-lnsl" RANLIB=ranlib ARFLAGS=rv AUX_OBJ= \
|
||||
- NETGROUP="-DNETGROUP" TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER -DINET6=1 -Dss_family=__ss_family -Dss_len=__ss_len" all
|
||||
+ LIBS="-lnsl" RANLIB=ranlib ARFLAGS=rv AUX_OBJ=weak_symbols.o \
|
||||
+ NETGROUP="-DNETGROUP" TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -fPIC -DPIC -D_REENTRANT -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER -DINET6=1 -Dss_family=__ss_family -Dss_len=__ss_len -DHAVE_WEAKSYMS" all
|
||||
|
||||
linux-old:
|
||||
@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
|
||||
@@ -249,7 +249,7 @@
|
||||
|
||||
# Amdahl UTS 2.1.5 (Richard.Richmond@bridge.bst.bls.com)
|
||||
uts215:
|
||||
- @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
|
||||
+ @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
|
||||
LIBS="-lsocket" RANLIB=echo \
|
||||
ARFLAGS=rv AUX_OBJ=setenv.o NETGROUP=-DNO_NETGROUP TLI= all
|
||||
|
||||
@@ -706,8 +706,9 @@
|
||||
scaffold.h tcpdmatch.8 README.NIS
|
||||
|
||||
LIB = libwrap.a
|
||||
+SHLIB = libwrap.so
|
||||
|
||||
-all other: config-check tcpd tcpdmatch try-from safe_finger tcpdchk
|
||||
+all other: config-check tcpd tcpdmatch try-from safe_finger tcpdchk $(SHLIB)
|
||||
|
||||
# Invalidate all object files when the compiler options (CFLAGS) have changed.
|
||||
|
||||
@@ -724,6 +725,12 @@
|
||||
$(AR) $(ARFLAGS) $(LIB) $(LIB_OBJ)
|
||||
-$(RANLIB) $(LIB)
|
||||
|
||||
+$(SHLIB): $(LIB_OBJ)
|
||||
+ gcc -shared -fPIC -Wl,-soname -Wl,$(SHLIB).$(MAJOR) \
|
||||
+ -o $(SHLIB).$(MAJOR).$(MINOR).$(REL) $^ $(LIBS)
|
||||
+ ln -s $(SHLIB).$(MAJOR).$(MINOR).$(REL) $(SHLIB).$(MAJOR)
|
||||
+ ln -s $(SHLIB).$(MAJOR).$(MINOR).$(REL) $(SHLIB)
|
||||
+
|
||||
tcpd: tcpd.o $(LIB)
|
||||
$(CC) $(CFLAGS) -o $@ tcpd.o $(LIB) $(LIBS)
|
||||
|
||||
@@ -906,5 +913,6 @@
|
||||
update.o: mystdarg.h
|
||||
update.o: tcpd.h
|
||||
vfprintf.o: cflags
|
||||
+weak_symbols.o: tcpd.h
|
||||
workarounds.o: cflags
|
||||
workarounds.o: tcpd.h
|
||||
--- tcp_wrappers_7.6/tcpd.h.shared 2003-02-10 20:12:26.000000000 +0100
|
||||
+++ tcp_wrappers_7.6/tcpd.h 2003-02-10 20:12:26.000000000 +0100
|
||||
@@ -4,6 +4,25 @@
|
||||
* Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
|
||||
*/
|
||||
|
||||
+#ifndef _TCPWRAPPERS_TCPD_H
|
||||
+#define _TCPWRAPPERS_TCPD_H
|
||||
+
|
||||
+/* someone else may have defined this */
|
||||
+#undef __P
|
||||
+
|
||||
+/* use prototypes if we have an ANSI C compiler or are using C++ */
|
||||
+#if defined(__STDC__) || defined(__cplusplus)
|
||||
+#define __P(args) args
|
||||
+#else
|
||||
+#define __P(args) ()
|
||||
+#endif
|
||||
+
|
||||
+/* Need definitions of struct sockaddr_in and FILE. */
|
||||
+#include <netinet/in.h>
|
||||
+#include <stdio.h>
|
||||
+
|
||||
+__BEGIN_DECLS
|
||||
+
|
||||
/* Structure to describe one communications endpoint. */
|
||||
|
||||
#define STRING_LENGTH 128 /* hosts, users, processes */
|
||||
@@ -29,10 +48,10 @@
|
||||
char pid[10]; /* access via eval_pid(request) */
|
||||
struct host_info client[1]; /* client endpoint info */
|
||||
struct host_info server[1]; /* server endpoint info */
|
||||
- void (*sink) (); /* datagram sink function or 0 */
|
||||
- void (*hostname) (); /* address to printable hostname */
|
||||
- void (*hostaddr) (); /* address to printable address */
|
||||
- void (*cleanup) (); /* cleanup function or 0 */
|
||||
+ void (*sink) __P((int)); /* datagram sink function or 0 */
|
||||
+ void (*hostname) __P((struct host_info *)); /* address to printable hostname */
|
||||
+ void (*hostaddr) __P((struct host_info *)); /* address to printable address */
|
||||
+ void (*cleanup) __P((struct request_info *)); /* cleanup function or 0 */
|
||||
struct netconfig *config; /* netdir handle */
|
||||
};
|
||||
|
||||
@@ -65,25 +84,34 @@
|
||||
/* Global functions. */
|
||||
|
||||
#if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT)
|
||||
-extern void fromhost(); /* get/validate client host info */
|
||||
+extern void fromhost __P((struct request_info *)); /* get/validate client host info */
|
||||
#else
|
||||
#define fromhost sock_host /* no TLI support needed */
|
||||
#endif
|
||||
|
||||
-extern int hosts_access(); /* access control */
|
||||
-extern void shell_cmd(); /* execute shell command */
|
||||
-extern char *percent_x(); /* do %<char> expansion */
|
||||
-extern void rfc931(); /* client name from RFC 931 daemon */
|
||||
-extern void clean_exit(); /* clean up and exit */
|
||||
-extern void refuse(); /* clean up and exit */
|
||||
-extern char *xgets(); /* fgets() on steroids */
|
||||
-extern char *split_at(); /* strchr() and split */
|
||||
-extern unsigned long dot_quad_addr(); /* restricted inet_addr() */
|
||||
+extern void shell_cmd __P((char *)); /* execute shell command */
|
||||
+extern char *percent_x __P((char *, int, char *, struct request_info *)); /* do %<char> expansion */
|
||||
+#ifdef INET6
|
||||
+extern void rfc931 __P((struct sockaddr *, struct sockaddr *, char *)); /* client name from RFC 931 daemon */
|
||||
+#else
|
||||
+extern void rfc931 __P((struct sockaddr_in *, struct sockaddr_in *, char *)); /* client name from RFC 931 daemon */
|
||||
+#endif
|
||||
+extern void clean_exit __P((struct request_info *)); /* clean up and exit */
|
||||
+extern void refuse __P((struct request_info *)); /* clean up and exit */
|
||||
+extern char *xgets __P((char *, int, FILE *)); /* fgets() on steroids */
|
||||
+extern char *split_at __P((char *, int)); /* strchr() and split */
|
||||
+extern unsigned long dot_quad_addr __P((char *)); /* restricted inet_addr() */
|
||||
|
||||
/* Global variables. */
|
||||
|
||||
+#ifdef HAVE_WEAKSYMS
|
||||
+extern int allow_severity __attribute__ ((weak)); /* for connection logging */
|
||||
+extern int deny_severity __attribute__ ((weak)); /* for connection logging */
|
||||
+#else
|
||||
extern int allow_severity; /* for connection logging */
|
||||
extern int deny_severity; /* for connection logging */
|
||||
+#endif
|
||||
+
|
||||
extern char *hosts_allow_table; /* for verification mode redirection */
|
||||
extern char *hosts_deny_table; /* for verification mode redirection */
|
||||
extern int hosts_access_verbose; /* for verbose matching mode */
|
||||
@@ -96,9 +124,14 @@
|
||||
*/
|
||||
|
||||
#ifdef __STDC__
|
||||
+extern int hosts_access(struct request_info *request);
|
||||
+extern int hosts_ctl(char *daemon, char *client_name, char *client_addr,
|
||||
+ char *client_user);
|
||||
extern struct request_info *request_init(struct request_info *,...);
|
||||
extern struct request_info *request_set(struct request_info *,...);
|
||||
#else
|
||||
+extern int hosts_access();
|
||||
+extern int hosts_ctl();
|
||||
extern struct request_info *request_init(); /* initialize request */
|
||||
extern struct request_info *request_set(); /* update request structure */
|
||||
#endif
|
||||
@@ -121,27 +154,31 @@
|
||||
* host_info structures serve as caches for the lookup results.
|
||||
*/
|
||||
|
||||
-extern char *eval_user(); /* client user */
|
||||
-extern char *eval_hostname(); /* printable hostname */
|
||||
-extern char *eval_hostaddr(); /* printable host address */
|
||||
-extern char *eval_hostinfo(); /* host name or address */
|
||||
-extern char *eval_client(); /* whatever is available */
|
||||
-extern char *eval_server(); /* whatever is available */
|
||||
+extern char *eval_user __P((struct request_info *)); /* client user */
|
||||
+extern char *eval_hostname __P((struct host_info *)); /* printable hostname */
|
||||
+extern char *eval_hostaddr __P((struct host_info *)); /* printable host address */
|
||||
+extern char *eval_hostinfo __P((struct host_info *)); /* host name or address */
|
||||
+extern char *eval_client __P((struct request_info *)); /* whatever is available */
|
||||
+extern char *eval_server __P((struct request_info *)); /* whatever is available */
|
||||
#define eval_daemon(r) ((r)->daemon) /* daemon process name */
|
||||
#define eval_pid(r) ((r)->pid) /* process id */
|
||||
|
||||
/* Socket-specific methods, including DNS hostname lookups. */
|
||||
|
||||
-extern void sock_host(); /* look up endpoint addresses */
|
||||
-extern void sock_hostname(); /* translate address to hostname */
|
||||
-extern void sock_hostaddr(); /* address to printable address */
|
||||
+/* look up endpoint addresses */
|
||||
+extern void sock_host __P((struct request_info *));
|
||||
+/* translate address to hostname */
|
||||
+extern void sock_hostname __P((struct host_info *));
|
||||
+/* address to printable address */
|
||||
+extern void sock_hostaddr __P((struct host_info *));
|
||||
+
|
||||
#define sock_methods(r) \
|
||||
{ (r)->hostname = sock_hostname; (r)->hostaddr = sock_hostaddr; }
|
||||
|
||||
/* The System V Transport-Level Interface (TLI) interface. */
|
||||
|
||||
#if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT)
|
||||
-extern void tli_host(); /* look up endpoint addresses etc. */
|
||||
+extern void tli_host __P((struct request_info *)); /* look up endpoint addresses etc. */
|
||||
#endif
|
||||
|
||||
/*
|
||||
@@ -182,7 +219,7 @@
|
||||
* behavior.
|
||||
*/
|
||||
|
||||
-extern void process_options(); /* execute options */
|
||||
+extern void process_options __P((char *, struct request_info *)); /* execute options */
|
||||
extern int dry_run; /* verification flag */
|
||||
|
||||
/* Bug workarounds. */
|
||||
@@ -221,3 +258,7 @@
|
||||
#define strtok my_strtok
|
||||
extern char *my_strtok();
|
||||
#endif
|
||||
+
|
||||
+__END_DECLS
|
||||
+
|
||||
+#endif /* tcpd.h */
|
||||
--- tcp_wrappers_7.6/scaffold.c.shared 2003-02-10 20:12:26.000000000 +0100
|
||||
+++ tcp_wrappers_7.6/scaffold.c 2003-02-10 20:12:26.000000000 +0100
|
||||
@@ -237,10 +237,17 @@
|
||||
|
||||
/* ARGSUSED */
|
||||
|
||||
-void rfc931(request)
|
||||
-struct request_info *request;
|
||||
+void rfc931(rmt_sin, our_sin, dest)
|
||||
+#ifndef INET6
|
||||
+struct sockaddr_in *rmt_sin;
|
||||
+struct sockaddr_in *our_sin;
|
||||
+#else
|
||||
+struct sockaddr *rmt_sin;
|
||||
+struct sockaddr *our_sin;
|
||||
+#endif
|
||||
+char *dest;
|
||||
{
|
||||
- strcpy(request->user, unknown);
|
||||
+ strcpy(dest, unknown);
|
||||
}
|
||||
|
||||
/* check_path - examine accessibility */
|
||||
--- /dev/null 2003-01-30 11:24:37.000000000 +0100
|
||||
+++ tcp_wrappers_7.6/weak_symbols.c 2003-02-10 20:12:26.000000000 +0100
|
||||
@@ -0,0 +1,11 @@
|
||||
+ /*
|
||||
+ * @(#) weak_symbols.h 1.5 99/12/29 23:50
|
||||
+ *
|
||||
+ * Author: Anthony Towns <ajt@debian.org>
|
||||
+ */
|
||||
+
|
||||
+#ifdef HAVE_WEAKSYMS
|
||||
+#include <syslog.h>
|
||||
+int deny_severity = LOG_WARNING;
|
||||
+int allow_severity = SEVERITY;
|
||||
+#endif
|
39
tcp_wrappers-7.6-sig.patch
Normal file
39
tcp_wrappers-7.6-sig.patch
Normal file
@ -0,0 +1,39 @@
|
||||
--- tcp_wrappers_7.6/hosts_access.c.sig 2003-02-10 16:18:31.000000000 +0100
|
||||
+++ tcp_wrappers_7.6/hosts_access.c 2003-02-10 16:50:38.000000000 +0100
|
||||
@@ -66,6 +66,7 @@
|
||||
|
||||
#define YES 1
|
||||
#define NO 0
|
||||
+#define ERR -1
|
||||
|
||||
/*
|
||||
* These variables are globally visible so that they can be redirected in
|
||||
@@ -106,7 +107,6 @@
|
||||
struct request_info *request;
|
||||
{
|
||||
int verdict;
|
||||
-
|
||||
/*
|
||||
* If the (daemon, client) pair is matched by an entry in the file
|
||||
* /etc/hosts.allow, access is granted. Otherwise, if the (daemon,
|
||||
@@ -129,9 +129,9 @@
|
||||
return (verdict == AC_PERMIT);
|
||||
if (table_match(hosts_allow_table, request))
|
||||
return (YES);
|
||||
- if (table_match(hosts_deny_table, request))
|
||||
- return (NO);
|
||||
- return (YES);
|
||||
+ if (table_match(hosts_deny_table, request) == NO)
|
||||
+ return (YES);
|
||||
+ return (NO);
|
||||
}
|
||||
|
||||
/* table_match - match table entries with (daemon, client) pair */
|
||||
@@ -175,6 +175,7 @@
|
||||
(void) fclose(fp);
|
||||
} else if (errno != ENOENT) {
|
||||
tcpd_warn("cannot open %s: %m", table);
|
||||
+ match = ERR;
|
||||
}
|
||||
if (match) {
|
||||
if (hosts_access_verbose > 1)
|
27
tcp_wrappers-7.6-strerror.patch
Normal file
27
tcp_wrappers-7.6-strerror.patch
Normal file
@ -0,0 +1,27 @@
|
||||
--- tcp-wrappers-7.6/percent_m.c
|
||||
+++ tcp-wrappers-7.6/percent_m.c
|
||||
@@ -13,7 +13,7 @@
|
||||
#include <string.h>
|
||||
|
||||
extern int errno;
|
||||
-#ifndef SYS_ERRLIST_DEFINED
|
||||
+#if !defined(SYS_ERRLIST_DEFINED) && !defined(HAVE_STRERROR)
|
||||
extern char *sys_errlist[];
|
||||
extern int sys_nerr;
|
||||
#endif
|
||||
@@ -29,11 +29,15 @@
|
||||
|
||||
while (*bp = *cp)
|
||||
if (*cp == '%' && cp[1] == 'm') {
|
||||
+#ifdef HAVE_STRERROR
|
||||
+ strcpy(bp, strerror(errno));
|
||||
+#else
|
||||
if (errno < sys_nerr && errno > 0) {
|
||||
strcpy(bp, sys_errlist[errno]);
|
||||
} else {
|
||||
sprintf(bp, "Unknown error %d", errno);
|
||||
}
|
||||
+#endif
|
||||
bp += strlen(bp);
|
||||
cp += 2;
|
||||
} else {
|
@ -1,7 +1,12 @@
|
||||
Summary: A security tool which acts as a wrapper for TCP daemons.
|
||||
Name: tcp_wrappers
|
||||
Version: 7.6
|
||||
Release: 23
|
||||
Release: 34
|
||||
|
||||
%define LIB_MAJOR 0
|
||||
%define LIB_MINOR 7
|
||||
%define LIB_REL 6
|
||||
|
||||
Copyright: Distributable
|
||||
Group: System Environment/Daemons
|
||||
Source: ftp://coast.cs.purdue.edu/pub/tools/unix/tcp_wrappers/tcp_wrappers_7.6.tar.gz
|
||||
@ -16,6 +21,9 @@ Patch7: tcp_wrappers-7.6-docu.patch
|
||||
Patch8: tcp_wrappers-7.6-casesens.patch
|
||||
Patch9: tcp_wrappers.usagi-ipv6.patch
|
||||
Patch10: tcp_wrappers.ume-ipv6.patch
|
||||
Patch11: tcp_wrappers-7.6-shared.patch
|
||||
Patch12: tcp_wrappers-7.6-sig.patch
|
||||
Patch13: tcp_wrappers-7.6-strerror.patch
|
||||
# required by sin_scope_id in ipv6 patch
|
||||
BuildPreReq: glibc-devel >= 2.2
|
||||
BuildRoot: %{_tmppath}/%{name}-root
|
||||
@ -42,9 +50,13 @@ This version also supports IPv6.
|
||||
%patch7 -p1
|
||||
%patch9 -p0
|
||||
%patch10 -p1
|
||||
%patch11 -p1
|
||||
%patch12 -p1
|
||||
%patch13 -p1
|
||||
|
||||
%build
|
||||
make RPM_OPT_FLAGS="$RPM_OPT_FLAGS -fPIC" linux
|
||||
make RPM_OPT_FLAGS="$RPM_OPT_FLAGS -fPIC -DPIC -D_REENTRANT -DHAVE_STRERROR" MAJOR=%{LIB_MAJOR} MINOR=%{LIB_MINOR} REL=%{LIB_REL} linux
|
||||
|
||||
|
||||
%install
|
||||
rm -rf ${RPM_BUILD_ROOT}
|
||||
@ -58,7 +70,8 @@ cp hosts_access.5 hosts_options.5 ${RPM_BUILD_ROOT}%{_mandir}/man5
|
||||
cp tcpd.8 tcpdchk.8 tcpdmatch.8 ${RPM_BUILD_ROOT}%{_mandir}/man8
|
||||
ln -sf hosts_access.5 ${RPM_BUILD_ROOT}%{_mandir}/man5/hosts.allow.5
|
||||
ln -sf hosts_access.5 ${RPM_BUILD_ROOT}%{_mandir}/man5/hosts.deny.5
|
||||
cp libwrap.a ${RPM_BUILD_ROOT}%{_libdir}
|
||||
cp -a libwrap.a ${RPM_BUILD_ROOT}%{_libdir}
|
||||
cp -a libwrap.so* ${RPM_BUILD_ROOT}%{_libdir}
|
||||
cp tcpd.h ${RPM_BUILD_ROOT}%{_includedir}
|
||||
install -m755 safe_finger ${RPM_BUILD_ROOT}%{_sbindir}
|
||||
install -m711 tcpd ${RPM_BUILD_ROOT}%{_sbindir}
|
||||
@ -70,6 +83,10 @@ install -m755 try-from ${RPM_BUILD_ROOT}%{_sbindir}
|
||||
rm -f ${RPM_BUILD_ROOT}%{_mandir}/man8/tcpdmatch.*
|
||||
rm -f ${RPM_BUILD_ROOT}%{_mandir}/man8/tcpdchk.*
|
||||
|
||||
%post -p /sbin/ldconfig
|
||||
|
||||
%postun -p /sbin/ldconfig
|
||||
|
||||
%clean
|
||||
rm -rf ${RPM_BUILD_ROOT}
|
||||
|
||||
@ -78,10 +95,37 @@ rm -rf ${RPM_BUILD_ROOT}
|
||||
%doc BLURB CHANGES README* DISCLAIMER Banners.Makefile
|
||||
%{_mandir}/man[358]/*
|
||||
%{_includedir}/*
|
||||
%{_libdir}/*
|
||||
%{_libdir}/*.a
|
||||
%{_libdir}/*.so*
|
||||
%{_sbindir}/*
|
||||
|
||||
%changelog
|
||||
* Sun Feb 16 2003 Florian La Roche <Florian.LaRoche@redhat.de>
|
||||
- use strerror #84312
|
||||
|
||||
* Tue Feb 11 2003 Harald Hoyer <harald@redhat.de> 7.6-33
|
||||
- revert Nalins weak version
|
||||
- link libwrap.so against libnsl, on which it depends
|
||||
|
||||
* Mon Feb 10 2003 Nalin Dahyabhai <nalin@redhat.com> 7.6-32
|
||||
- link libwrap.so against libnsl, on which it depends
|
||||
- add default (weak) versions of allow_severity and deny_severity to the shared
|
||||
library so that configure tests can find it correctly
|
||||
|
||||
* Mon Feb 10 2003 Harald Hoyer <harald@redhat.de> 7.6-29
|
||||
- shared library generated and added #75494
|
||||
- added security patch tcp_wrappers-7.6-sig.patch
|
||||
- compile and link with -fPIC -DPIC
|
||||
|
||||
* Wed Jan 22 2003 Tim Powers <timp@redhat.com>
|
||||
- rebuilt
|
||||
|
||||
* Tue Jan 7 2003 Jeff Johnson <jbj@redhat.com> 7.6-25
|
||||
- don't include -debuginfo files in package.
|
||||
|
||||
* Tue Nov 19 2002 Tim Powers <timp@redhat.com>
|
||||
- rebuild on all arches
|
||||
|
||||
* Fri Jun 21 2002 Tim Powers <timp@redhat.com>
|
||||
- automated rebuild
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user