From f791644d6d0fdb7795878225d6927b9624e2f98b Mon Sep 17 00:00:00 2001 From: cvsdist Date: Thu, 9 Sep 2004 13:07:52 +0000 Subject: [PATCH] auto-import changelog data from tcp_wrappers-7.6-34.src.rpm Sun Feb 16 2003 Florian La Roche - use strerror #84312 Tue Feb 11 2003 Harald Hoyer 7.6-33 - revert Nalins weak version - link libwrap.so against libnsl, on which it depends Mon Feb 10 2003 Nalin Dahyabhai 7.6-32 - link libwrap.so against libnsl, on which it depends - add default (weak) versions of allow_severity and deny_severity to the shared library so that configure tests can find it correctly Mon Feb 10 2003 Harald Hoyer 7.6-29 - shared library generated and added #75494 - added security patch tcp_wrappers-7.6-sig.patch - compile and link with -fPIC -DPIC Wed Jan 22 2003 Tim Powers - rebuilt Tue Jan 07 2003 Jeff Johnson 7.6-25 - don't include -debuginfo files in package. Tue Nov 19 2002 Tim Powers - rebuild on all arches --- tcp_wrappers-7.6-shared.patch | 252 ++++++++++++++++++++++++++++++++ tcp_wrappers-7.6-sig.patch | 39 +++++ tcp_wrappers-7.6-strerror.patch | 27 ++++ tcp_wrappers.spec | 52 ++++++- 4 files changed, 366 insertions(+), 4 deletions(-) create mode 100644 tcp_wrappers-7.6-shared.patch create mode 100644 tcp_wrappers-7.6-sig.patch create mode 100644 tcp_wrappers-7.6-strerror.patch diff --git a/tcp_wrappers-7.6-shared.patch b/tcp_wrappers-7.6-shared.patch new file mode 100644 index 0000000..429e541 --- /dev/null +++ b/tcp_wrappers-7.6-shared.patch @@ -0,0 +1,252 @@ +--- tcp_wrappers_7.6/Makefile.shared 2003-02-10 20:12:26.000000000 +0100 ++++ tcp_wrappers_7.6/Makefile 2003-02-10 20:14:05.000000000 +0100 +@@ -150,8 +150,8 @@ + + linux: + @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ +- LIBS="-lnsl" RANLIB=ranlib ARFLAGS=rv AUX_OBJ= \ +- NETGROUP="-DNETGROUP" TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER -DINET6=1 -Dss_family=__ss_family -Dss_len=__ss_len" all ++ LIBS="-lnsl" RANLIB=ranlib ARFLAGS=rv AUX_OBJ=weak_symbols.o \ ++ NETGROUP="-DNETGROUP" TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -fPIC -DPIC -D_REENTRANT -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER -DINET6=1 -Dss_family=__ss_family -Dss_len=__ss_len -DHAVE_WEAKSYMS" all + + linux-old: + @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ +@@ -249,7 +249,7 @@ + + # Amdahl UTS 2.1.5 (Richard.Richmond@bridge.bst.bls.com) + uts215: +- @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ ++ @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ + LIBS="-lsocket" RANLIB=echo \ + ARFLAGS=rv AUX_OBJ=setenv.o NETGROUP=-DNO_NETGROUP TLI= all + +@@ -706,8 +706,9 @@ + scaffold.h tcpdmatch.8 README.NIS + + LIB = libwrap.a ++SHLIB = libwrap.so + +-all other: config-check tcpd tcpdmatch try-from safe_finger tcpdchk ++all other: config-check tcpd tcpdmatch try-from safe_finger tcpdchk $(SHLIB) + + # Invalidate all object files when the compiler options (CFLAGS) have changed. + +@@ -724,6 +725,12 @@ + $(AR) $(ARFLAGS) $(LIB) $(LIB_OBJ) + -$(RANLIB) $(LIB) + ++$(SHLIB): $(LIB_OBJ) ++ gcc -shared -fPIC -Wl,-soname -Wl,$(SHLIB).$(MAJOR) \ ++ -o $(SHLIB).$(MAJOR).$(MINOR).$(REL) $^ $(LIBS) ++ ln -s $(SHLIB).$(MAJOR).$(MINOR).$(REL) $(SHLIB).$(MAJOR) ++ ln -s $(SHLIB).$(MAJOR).$(MINOR).$(REL) $(SHLIB) ++ + tcpd: tcpd.o $(LIB) + $(CC) $(CFLAGS) -o $@ tcpd.o $(LIB) $(LIBS) + +@@ -906,5 +913,6 @@ + update.o: mystdarg.h + update.o: tcpd.h + vfprintf.o: cflags ++weak_symbols.o: tcpd.h + workarounds.o: cflags + workarounds.o: tcpd.h +--- tcp_wrappers_7.6/tcpd.h.shared 2003-02-10 20:12:26.000000000 +0100 ++++ tcp_wrappers_7.6/tcpd.h 2003-02-10 20:12:26.000000000 +0100 +@@ -4,6 +4,25 @@ + * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands. + */ + ++#ifndef _TCPWRAPPERS_TCPD_H ++#define _TCPWRAPPERS_TCPD_H ++ ++/* someone else may have defined this */ ++#undef __P ++ ++/* use prototypes if we have an ANSI C compiler or are using C++ */ ++#if defined(__STDC__) || defined(__cplusplus) ++#define __P(args) args ++#else ++#define __P(args) () ++#endif ++ ++/* Need definitions of struct sockaddr_in and FILE. */ ++#include ++#include ++ ++__BEGIN_DECLS ++ + /* Structure to describe one communications endpoint. */ + + #define STRING_LENGTH 128 /* hosts, users, processes */ +@@ -29,10 +48,10 @@ + char pid[10]; /* access via eval_pid(request) */ + struct host_info client[1]; /* client endpoint info */ + struct host_info server[1]; /* server endpoint info */ +- void (*sink) (); /* datagram sink function or 0 */ +- void (*hostname) (); /* address to printable hostname */ +- void (*hostaddr) (); /* address to printable address */ +- void (*cleanup) (); /* cleanup function or 0 */ ++ void (*sink) __P((int)); /* datagram sink function or 0 */ ++ void (*hostname) __P((struct host_info *)); /* address to printable hostname */ ++ void (*hostaddr) __P((struct host_info *)); /* address to printable address */ ++ void (*cleanup) __P((struct request_info *)); /* cleanup function or 0 */ + struct netconfig *config; /* netdir handle */ + }; + +@@ -65,25 +84,34 @@ + /* Global functions. */ + + #if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT) +-extern void fromhost(); /* get/validate client host info */ ++extern void fromhost __P((struct request_info *)); /* get/validate client host info */ + #else + #define fromhost sock_host /* no TLI support needed */ + #endif + +-extern int hosts_access(); /* access control */ +-extern void shell_cmd(); /* execute shell command */ +-extern char *percent_x(); /* do % expansion */ +-extern void rfc931(); /* client name from RFC 931 daemon */ +-extern void clean_exit(); /* clean up and exit */ +-extern void refuse(); /* clean up and exit */ +-extern char *xgets(); /* fgets() on steroids */ +-extern char *split_at(); /* strchr() and split */ +-extern unsigned long dot_quad_addr(); /* restricted inet_addr() */ ++extern void shell_cmd __P((char *)); /* execute shell command */ ++extern char *percent_x __P((char *, int, char *, struct request_info *)); /* do % expansion */ ++#ifdef INET6 ++extern void rfc931 __P((struct sockaddr *, struct sockaddr *, char *)); /* client name from RFC 931 daemon */ ++#else ++extern void rfc931 __P((struct sockaddr_in *, struct sockaddr_in *, char *)); /* client name from RFC 931 daemon */ ++#endif ++extern void clean_exit __P((struct request_info *)); /* clean up and exit */ ++extern void refuse __P((struct request_info *)); /* clean up and exit */ ++extern char *xgets __P((char *, int, FILE *)); /* fgets() on steroids */ ++extern char *split_at __P((char *, int)); /* strchr() and split */ ++extern unsigned long dot_quad_addr __P((char *)); /* restricted inet_addr() */ + + /* Global variables. */ + ++#ifdef HAVE_WEAKSYMS ++extern int allow_severity __attribute__ ((weak)); /* for connection logging */ ++extern int deny_severity __attribute__ ((weak)); /* for connection logging */ ++#else + extern int allow_severity; /* for connection logging */ + extern int deny_severity; /* for connection logging */ ++#endif ++ + extern char *hosts_allow_table; /* for verification mode redirection */ + extern char *hosts_deny_table; /* for verification mode redirection */ + extern int hosts_access_verbose; /* for verbose matching mode */ +@@ -96,9 +124,14 @@ + */ + + #ifdef __STDC__ ++extern int hosts_access(struct request_info *request); ++extern int hosts_ctl(char *daemon, char *client_name, char *client_addr, ++ char *client_user); + extern struct request_info *request_init(struct request_info *,...); + extern struct request_info *request_set(struct request_info *,...); + #else ++extern int hosts_access(); ++extern int hosts_ctl(); + extern struct request_info *request_init(); /* initialize request */ + extern struct request_info *request_set(); /* update request structure */ + #endif +@@ -121,27 +154,31 @@ + * host_info structures serve as caches for the lookup results. + */ + +-extern char *eval_user(); /* client user */ +-extern char *eval_hostname(); /* printable hostname */ +-extern char *eval_hostaddr(); /* printable host address */ +-extern char *eval_hostinfo(); /* host name or address */ +-extern char *eval_client(); /* whatever is available */ +-extern char *eval_server(); /* whatever is available */ ++extern char *eval_user __P((struct request_info *)); /* client user */ ++extern char *eval_hostname __P((struct host_info *)); /* printable hostname */ ++extern char *eval_hostaddr __P((struct host_info *)); /* printable host address */ ++extern char *eval_hostinfo __P((struct host_info *)); /* host name or address */ ++extern char *eval_client __P((struct request_info *)); /* whatever is available */ ++extern char *eval_server __P((struct request_info *)); /* whatever is available */ + #define eval_daemon(r) ((r)->daemon) /* daemon process name */ + #define eval_pid(r) ((r)->pid) /* process id */ + + /* Socket-specific methods, including DNS hostname lookups. */ + +-extern void sock_host(); /* look up endpoint addresses */ +-extern void sock_hostname(); /* translate address to hostname */ +-extern void sock_hostaddr(); /* address to printable address */ ++/* look up endpoint addresses */ ++extern void sock_host __P((struct request_info *)); ++/* translate address to hostname */ ++extern void sock_hostname __P((struct host_info *)); ++/* address to printable address */ ++extern void sock_hostaddr __P((struct host_info *)); ++ + #define sock_methods(r) \ + { (r)->hostname = sock_hostname; (r)->hostaddr = sock_hostaddr; } + + /* The System V Transport-Level Interface (TLI) interface. */ + + #if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT) +-extern void tli_host(); /* look up endpoint addresses etc. */ ++extern void tli_host __P((struct request_info *)); /* look up endpoint addresses etc. */ + #endif + + /* +@@ -182,7 +219,7 @@ + * behavior. + */ + +-extern void process_options(); /* execute options */ ++extern void process_options __P((char *, struct request_info *)); /* execute options */ + extern int dry_run; /* verification flag */ + + /* Bug workarounds. */ +@@ -221,3 +258,7 @@ + #define strtok my_strtok + extern char *my_strtok(); + #endif ++ ++__END_DECLS ++ ++#endif /* tcpd.h */ +--- tcp_wrappers_7.6/scaffold.c.shared 2003-02-10 20:12:26.000000000 +0100 ++++ tcp_wrappers_7.6/scaffold.c 2003-02-10 20:12:26.000000000 +0100 +@@ -237,10 +237,17 @@ + + /* ARGSUSED */ + +-void rfc931(request) +-struct request_info *request; ++void rfc931(rmt_sin, our_sin, dest) ++#ifndef INET6 ++struct sockaddr_in *rmt_sin; ++struct sockaddr_in *our_sin; ++#else ++struct sockaddr *rmt_sin; ++struct sockaddr *our_sin; ++#endif ++char *dest; + { +- strcpy(request->user, unknown); ++ strcpy(dest, unknown); + } + + /* check_path - examine accessibility */ +--- /dev/null 2003-01-30 11:24:37.000000000 +0100 ++++ tcp_wrappers_7.6/weak_symbols.c 2003-02-10 20:12:26.000000000 +0100 +@@ -0,0 +1,11 @@ ++ /* ++ * @(#) weak_symbols.h 1.5 99/12/29 23:50 ++ * ++ * Author: Anthony Towns ++ */ ++ ++#ifdef HAVE_WEAKSYMS ++#include ++int deny_severity = LOG_WARNING; ++int allow_severity = SEVERITY; ++#endif diff --git a/tcp_wrappers-7.6-sig.patch b/tcp_wrappers-7.6-sig.patch new file mode 100644 index 0000000..e7341a0 --- /dev/null +++ b/tcp_wrappers-7.6-sig.patch @@ -0,0 +1,39 @@ +--- tcp_wrappers_7.6/hosts_access.c.sig 2003-02-10 16:18:31.000000000 +0100 ++++ tcp_wrappers_7.6/hosts_access.c 2003-02-10 16:50:38.000000000 +0100 +@@ -66,6 +66,7 @@ + + #define YES 1 + #define NO 0 ++#define ERR -1 + + /* + * These variables are globally visible so that they can be redirected in +@@ -106,7 +107,6 @@ + struct request_info *request; + { + int verdict; +- + /* + * If the (daemon, client) pair is matched by an entry in the file + * /etc/hosts.allow, access is granted. Otherwise, if the (daemon, +@@ -129,9 +129,9 @@ + return (verdict == AC_PERMIT); + if (table_match(hosts_allow_table, request)) + return (YES); +- if (table_match(hosts_deny_table, request)) +- return (NO); +- return (YES); ++ if (table_match(hosts_deny_table, request) == NO) ++ return (YES); ++ return (NO); + } + + /* table_match - match table entries with (daemon, client) pair */ +@@ -175,6 +175,7 @@ + (void) fclose(fp); + } else if (errno != ENOENT) { + tcpd_warn("cannot open %s: %m", table); ++ match = ERR; + } + if (match) { + if (hosts_access_verbose > 1) diff --git a/tcp_wrappers-7.6-strerror.patch b/tcp_wrappers-7.6-strerror.patch new file mode 100644 index 0000000..426791a --- /dev/null +++ b/tcp_wrappers-7.6-strerror.patch @@ -0,0 +1,27 @@ +--- tcp-wrappers-7.6/percent_m.c ++++ tcp-wrappers-7.6/percent_m.c +@@ -13,7 +13,7 @@ + #include + + extern int errno; +-#ifndef SYS_ERRLIST_DEFINED ++#if !defined(SYS_ERRLIST_DEFINED) && !defined(HAVE_STRERROR) + extern char *sys_errlist[]; + extern int sys_nerr; + #endif +@@ -29,11 +29,15 @@ + + while (*bp = *cp) + if (*cp == '%' && cp[1] == 'm') { ++#ifdef HAVE_STRERROR ++ strcpy(bp, strerror(errno)); ++#else + if (errno < sys_nerr && errno > 0) { + strcpy(bp, sys_errlist[errno]); + } else { + sprintf(bp, "Unknown error %d", errno); + } ++#endif + bp += strlen(bp); + cp += 2; + } else { diff --git a/tcp_wrappers.spec b/tcp_wrappers.spec index 5fd66b3..a94336a 100644 --- a/tcp_wrappers.spec +++ b/tcp_wrappers.spec @@ -1,7 +1,12 @@ Summary: A security tool which acts as a wrapper for TCP daemons. Name: tcp_wrappers Version: 7.6 -Release: 23 +Release: 34 + +%define LIB_MAJOR 0 +%define LIB_MINOR 7 +%define LIB_REL 6 + Copyright: Distributable Group: System Environment/Daemons Source: ftp://coast.cs.purdue.edu/pub/tools/unix/tcp_wrappers/tcp_wrappers_7.6.tar.gz @@ -16,6 +21,9 @@ Patch7: tcp_wrappers-7.6-docu.patch Patch8: tcp_wrappers-7.6-casesens.patch Patch9: tcp_wrappers.usagi-ipv6.patch Patch10: tcp_wrappers.ume-ipv6.patch +Patch11: tcp_wrappers-7.6-shared.patch +Patch12: tcp_wrappers-7.6-sig.patch +Patch13: tcp_wrappers-7.6-strerror.patch # required by sin_scope_id in ipv6 patch BuildPreReq: glibc-devel >= 2.2 BuildRoot: %{_tmppath}/%{name}-root @@ -42,9 +50,13 @@ This version also supports IPv6. %patch7 -p1 %patch9 -p0 %patch10 -p1 +%patch11 -p1 +%patch12 -p1 +%patch13 -p1 %build -make RPM_OPT_FLAGS="$RPM_OPT_FLAGS -fPIC" linux +make RPM_OPT_FLAGS="$RPM_OPT_FLAGS -fPIC -DPIC -D_REENTRANT -DHAVE_STRERROR" MAJOR=%{LIB_MAJOR} MINOR=%{LIB_MINOR} REL=%{LIB_REL} linux + %install rm -rf ${RPM_BUILD_ROOT} @@ -58,7 +70,8 @@ cp hosts_access.5 hosts_options.5 ${RPM_BUILD_ROOT}%{_mandir}/man5 cp tcpd.8 tcpdchk.8 tcpdmatch.8 ${RPM_BUILD_ROOT}%{_mandir}/man8 ln -sf hosts_access.5 ${RPM_BUILD_ROOT}%{_mandir}/man5/hosts.allow.5 ln -sf hosts_access.5 ${RPM_BUILD_ROOT}%{_mandir}/man5/hosts.deny.5 -cp libwrap.a ${RPM_BUILD_ROOT}%{_libdir} +cp -a libwrap.a ${RPM_BUILD_ROOT}%{_libdir} +cp -a libwrap.so* ${RPM_BUILD_ROOT}%{_libdir} cp tcpd.h ${RPM_BUILD_ROOT}%{_includedir} install -m755 safe_finger ${RPM_BUILD_ROOT}%{_sbindir} install -m711 tcpd ${RPM_BUILD_ROOT}%{_sbindir} @@ -70,6 +83,10 @@ install -m755 try-from ${RPM_BUILD_ROOT}%{_sbindir} rm -f ${RPM_BUILD_ROOT}%{_mandir}/man8/tcpdmatch.* rm -f ${RPM_BUILD_ROOT}%{_mandir}/man8/tcpdchk.* +%post -p /sbin/ldconfig + +%postun -p /sbin/ldconfig + %clean rm -rf ${RPM_BUILD_ROOT} @@ -78,10 +95,37 @@ rm -rf ${RPM_BUILD_ROOT} %doc BLURB CHANGES README* DISCLAIMER Banners.Makefile %{_mandir}/man[358]/* %{_includedir}/* -%{_libdir}/* +%{_libdir}/*.a +%{_libdir}/*.so* %{_sbindir}/* %changelog +* Sun Feb 16 2003 Florian La Roche +- use strerror #84312 + +* Tue Feb 11 2003 Harald Hoyer 7.6-33 +- revert Nalins weak version +- link libwrap.so against libnsl, on which it depends + +* Mon Feb 10 2003 Nalin Dahyabhai 7.6-32 +- link libwrap.so against libnsl, on which it depends +- add default (weak) versions of allow_severity and deny_severity to the shared + library so that configure tests can find it correctly + +* Mon Feb 10 2003 Harald Hoyer 7.6-29 +- shared library generated and added #75494 +- added security patch tcp_wrappers-7.6-sig.patch +- compile and link with -fPIC -DPIC + +* Wed Jan 22 2003 Tim Powers +- rebuilt + +* Tue Jan 7 2003 Jeff Johnson 7.6-25 +- don't include -debuginfo files in package. + +* Tue Nov 19 2002 Tim Powers +- rebuild on all arches + * Fri Jun 21 2002 Tim Powers - automated rebuild