auto-import changelog data from tcp_wrappers-7.6-34.src.rpm

Sun Feb 16 2003 Florian La Roche <Florian.LaRoche@redhat.de>
- use strerror #84312
Tue Feb 11 2003 Harald Hoyer <harald@redhat.de> 7.6-33
- revert Nalins weak version
- link libwrap.so against libnsl, on which it depends
Mon Feb 10 2003 Nalin Dahyabhai <nalin@redhat.com> 7.6-32
- link libwrap.so against libnsl, on which it depends
- add default (weak) versions of allow_severity and deny_severity to the
    shared library so that configure tests can find it correctly
Mon Feb 10 2003 Harald Hoyer <harald@redhat.de> 7.6-29
- shared library generated and added #75494
- added security patch tcp_wrappers-7.6-sig.patch
- compile and link with -fPIC -DPIC
Wed Jan 22 2003 Tim Powers <timp@redhat.com>
- rebuilt
Tue Jan 07 2003 Jeff Johnson <jbj@redhat.com> 7.6-25
- don't include -debuginfo files in package.
Tue Nov 19 2002 Tim Powers <timp@redhat.com>
- rebuild on all arches

tcp_wrappers-7.6-shared.patch

@@ -0,0 +1,252 @@
+--- tcp_wrappers_7.6/Makefile.shared	2003-02-10 20:12:26.000000000 +0100
++++ tcp_wrappers_7.6/Makefile	2003-02-10 20:14:05.000000000 +0100
+@@ -150,8 +150,8 @@
+ 
+ linux:
+ 	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
+-	LIBS="-lnsl" RANLIB=ranlib ARFLAGS=rv AUX_OBJ= \
+-	NETGROUP="-DNETGROUP" TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER -DINET6=1 -Dss_family=__ss_family -Dss_len=__ss_len" all
++	LIBS="-lnsl" RANLIB=ranlib ARFLAGS=rv AUX_OBJ=weak_symbols.o \
++	NETGROUP="-DNETGROUP" TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS)  -fPIC -DPIC -D_REENTRANT -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER -DINET6=1 -Dss_family=__ss_family -Dss_len=__ss_len -DHAVE_WEAKSYMS" all
+ 
+ linux-old:
+ 	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
+@@ -249,7 +249,7 @@
+ 
+ # Amdahl UTS 2.1.5 (Richard.Richmond@bridge.bst.bls.com)
+ uts215:
+-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \   
++	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
+ 	LIBS="-lsocket" RANLIB=echo \
+ 	ARFLAGS=rv AUX_OBJ=setenv.o NETGROUP=-DNO_NETGROUP TLI= all
+ 
+@@ -706,8 +706,9 @@
+ 	scaffold.h tcpdmatch.8 README.NIS
+ 
+ LIB	= libwrap.a
++SHLIB 	= libwrap.so
+ 
+-all other: config-check tcpd tcpdmatch try-from safe_finger tcpdchk
++all other: config-check tcpd tcpdmatch try-from safe_finger tcpdchk $(SHLIB)
+ 
+ # Invalidate all object files when the compiler options (CFLAGS) have changed.
+ 
+@@ -724,6 +725,12 @@
+ 	$(AR) $(ARFLAGS) $(LIB) $(LIB_OBJ)
+ 	-$(RANLIB) $(LIB)
+ 
++$(SHLIB): $(LIB_OBJ)
++	gcc -shared -fPIC -Wl,-soname -Wl,$(SHLIB).$(MAJOR) \
++		-o $(SHLIB).$(MAJOR).$(MINOR).$(REL) $^ $(LIBS)
++	ln -s $(SHLIB).$(MAJOR).$(MINOR).$(REL) $(SHLIB).$(MAJOR)
++	ln -s $(SHLIB).$(MAJOR).$(MINOR).$(REL) $(SHLIB)
++
+ tcpd:	tcpd.o $(LIB)
+ 	$(CC) $(CFLAGS) -o $@ tcpd.o $(LIB) $(LIBS)
+ 
+@@ -906,5 +913,6 @@
+ update.o: mystdarg.h
+ update.o: tcpd.h
+ vfprintf.o: cflags
++weak_symbols.o: tcpd.h
+ workarounds.o: cflags
+ workarounds.o: tcpd.h
+--- tcp_wrappers_7.6/tcpd.h.shared	2003-02-10 20:12:26.000000000 +0100
++++ tcp_wrappers_7.6/tcpd.h	2003-02-10 20:12:26.000000000 +0100
+@@ -4,6 +4,25 @@
+   * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
+   */
+ 
++#ifndef _TCPWRAPPERS_TCPD_H
++#define _TCPWRAPPERS_TCPD_H
++
++/* someone else may have defined this */
++#undef  __P
++
++/* use prototypes if we have an ANSI C compiler or are using C++ */
++#if defined(__STDC__) || defined(__cplusplus)
++#define __P(args)       args
++#else
++#define __P(args)       ()
++#endif
++
++/* Need definitions of struct sockaddr_in and FILE. */
++#include <netinet/in.h>
++#include <stdio.h>
++
++__BEGIN_DECLS
++
+ /* Structure to describe one communications endpoint. */
+ 
+ #define STRING_LENGTH	128		/* hosts, users, processes */
+@@ -29,10 +48,10 @@
+     char    pid[10];			/* access via eval_pid(request) */
+     struct host_info client[1];		/* client endpoint info */
+     struct host_info server[1];		/* server endpoint info */
+-    void  (*sink) ();			/* datagram sink function or 0 */
+-    void  (*hostname) ();		/* address to printable hostname */
+-    void  (*hostaddr) ();		/* address to printable address */
+-    void  (*cleanup) ();		/* cleanup function or 0 */
++    void  (*sink) __P((int));		/* datagram sink function or 0 */
++    void  (*hostname) __P((struct host_info *)); /* address to printable hostname */
++    void  (*hostaddr) __P((struct host_info *)); /* address to printable address */
++    void  (*cleanup) __P((struct request_info *)); /* cleanup function or 0 */
+     struct netconfig *config;		/* netdir handle */
+ };
+ 
+@@ -65,25 +84,34 @@
+ /* Global functions. */
+ 
+ #if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT)
+-extern void fromhost();			/* get/validate client host info */
++extern void fromhost __P((struct request_info *));	/* get/validate client host info */
+ #else
+ #define fromhost sock_host		/* no TLI support needed */
+ #endif
+ 
+-extern int hosts_access();		/* access control */
+-extern void shell_cmd();		/* execute shell command */
+-extern char *percent_x();		/* do %<char> expansion */
+-extern void rfc931();			/* client name from RFC 931 daemon */
+-extern void clean_exit();		/* clean up and exit */
+-extern void refuse();			/* clean up and exit */
+-extern char *xgets();			/* fgets() on steroids */
+-extern char *split_at();		/* strchr() and split */
+-extern unsigned long dot_quad_addr();	/* restricted inet_addr() */
++extern void shell_cmd __P((char *));	/* execute shell command */
++extern char *percent_x __P((char *, int, char *, struct request_info *)); /* do %<char> expansion */
++#ifdef INET6
++extern void rfc931 __P((struct sockaddr *, struct sockaddr *, char *)); /* client name from RFC 931 daemon */
++#else
++extern void rfc931 __P((struct sockaddr_in *, struct sockaddr_in *, char *)); /* client name from RFC 931 daemon */
++#endif
++extern void clean_exit __P((struct request_info *)); /* clean up and exit */
++extern void refuse __P((struct request_info *));	/* clean up and exit */
++extern char *xgets __P((char *, int, FILE *));	/* fgets() on steroids */
++extern char *split_at __P((char *, int));	/* strchr() and split */
++extern unsigned long dot_quad_addr __P((char *)); /* restricted inet_addr() */
+ 
+ /* Global variables. */
+ 
++#ifdef HAVE_WEAKSYMS
++extern int allow_severity __attribute__ ((weak)); /* for connection logging */
++extern int deny_severity __attribute__ ((weak)); /* for connection logging */
++#else
+ extern int allow_severity;		/* for connection logging */
+ extern int deny_severity;		/* for connection logging */
++#endif
++
+ extern char *hosts_allow_table;		/* for verification mode redirection */
+ extern char *hosts_deny_table;		/* for verification mode redirection */
+ extern int hosts_access_verbose;	/* for verbose matching mode */
+@@ -96,9 +124,14 @@
+   */
+ 
+ #ifdef __STDC__
++extern int hosts_access(struct request_info *request);
++extern int hosts_ctl(char *daemon, char *client_name, char *client_addr, 
++                     char *client_user);
+ extern struct request_info *request_init(struct request_info *,...);
+ extern struct request_info *request_set(struct request_info *,...);
+ #else
++extern int hosts_access();
++extern int hosts_ctl();
+ extern struct request_info *request_init();	/* initialize request */
+ extern struct request_info *request_set();	/* update request structure */
+ #endif
+@@ -121,27 +154,31 @@
+   * host_info structures serve as caches for the lookup results.
+   */
+ 
+-extern char *eval_user();		/* client user */
+-extern char *eval_hostname();		/* printable hostname */
+-extern char *eval_hostaddr();		/* printable host address */
+-extern char *eval_hostinfo();		/* host name or address */
+-extern char *eval_client();		/* whatever is available */
+-extern char *eval_server();		/* whatever is available */
++extern char *eval_user __P((struct request_info *));	/* client user */
++extern char *eval_hostname __P((struct host_info *));	/* printable hostname */
++extern char *eval_hostaddr __P((struct host_info *));	/* printable host address */
++extern char *eval_hostinfo __P((struct host_info *));	/* host name or address */
++extern char *eval_client __P((struct request_info *));	/* whatever is available */
++extern char *eval_server __P((struct request_info *));	/* whatever is available */
+ #define eval_daemon(r)	((r)->daemon)	/* daemon process name */
+ #define eval_pid(r)	((r)->pid)	/* process id */
+ 
+ /* Socket-specific methods, including DNS hostname lookups. */
+ 
+-extern void sock_host();		/* look up endpoint addresses */
+-extern void sock_hostname();		/* translate address to hostname */
+-extern void sock_hostaddr();		/* address to printable address */
++/* look up endpoint addresses */
++extern void sock_host __P((struct request_info *));
++/* translate address to hostname */
++extern void sock_hostname __P((struct host_info *));
++/* address to printable address */
++extern void sock_hostaddr __P((struct host_info *));
++
+ #define sock_methods(r) \
+ 	{ (r)->hostname = sock_hostname; (r)->hostaddr = sock_hostaddr; }
+ 
+ /* The System V Transport-Level Interface (TLI) interface. */
+ 
+ #if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT)
+-extern void tli_host();			/* look up endpoint addresses etc. */
++extern void tli_host __P((struct request_info *));	/* look up endpoint addresses etc. */
+ #endif
+ 
+  /*
+@@ -182,7 +219,7 @@
+   * behavior.
+   */
+ 
+-extern void process_options();		/* execute options */
++extern void process_options __P((char *, struct request_info *)); /* execute options */
+ extern int dry_run;			/* verification flag */
+ 
+ /* Bug workarounds. */
+@@ -221,3 +258,7 @@
+ #define strtok	my_strtok
+ extern char *my_strtok();
+ #endif
++
++__END_DECLS
++
++#endif /* tcpd.h */
+--- tcp_wrappers_7.6/scaffold.c.shared	2003-02-10 20:12:26.000000000 +0100
++++ tcp_wrappers_7.6/scaffold.c	2003-02-10 20:12:26.000000000 +0100
+@@ -237,10 +237,17 @@
+ 
+ /* ARGSUSED */
+ 
+-void    rfc931(request)
+-struct request_info *request;
++void    rfc931(rmt_sin, our_sin, dest)
++#ifndef INET6
++struct sockaddr_in *rmt_sin;
++struct sockaddr_in *our_sin;
++#else
++struct sockaddr *rmt_sin;
++struct sockaddr *our_sin;
++#endif
++char   *dest;
+ {
+-    strcpy(request->user, unknown);
++    strcpy(dest, unknown);
+ }
+ 
+ /* check_path - examine accessibility */
+--- /dev/null	2003-01-30 11:24:37.000000000 +0100
++++ tcp_wrappers_7.6/weak_symbols.c	2003-02-10 20:12:26.000000000 +0100
+@@ -0,0 +1,11 @@
++ /*
++  * @(#) weak_symbols.h 1.5 99/12/29 23:50
++  * 
++  * Author: Anthony Towns <ajt@debian.org>
++  */
++
++#ifdef HAVE_WEAKSYMS
++#include <syslog.h>
++int deny_severity = LOG_WARNING;
++int allow_severity = SEVERITY; 
++#endif

tcp_wrappers-7.6-sig.patch

@@ -0,0 +1,39 @@
+--- tcp_wrappers_7.6/hosts_access.c.sig	2003-02-10 16:18:31.000000000 +0100
++++ tcp_wrappers_7.6/hosts_access.c	2003-02-10 16:50:38.000000000 +0100
+@@ -66,6 +66,7 @@
+ 
+ #define	YES		1
+ #define	NO		0
++#define ERR             -1
+ 
+  /*
+   * These variables are globally visible so that they can be redirected in
+@@ -106,7 +107,6 @@
+ struct request_info *request;
+ {
+     int     verdict;
+-
+     /*
+      * If the (daemon, client) pair is matched by an entry in the file
+      * /etc/hosts.allow, access is granted. Otherwise, if the (daemon,
+@@ -129,9 +129,9 @@
+ 	return (verdict == AC_PERMIT);
+     if (table_match(hosts_allow_table, request))
+ 	return (YES);
+-    if (table_match(hosts_deny_table, request))
+-	return (NO);
+-    return (YES);
++    if (table_match(hosts_deny_table, request) == NO)
++	return (YES);
++    return (NO);
+ }
+ 
+ /* table_match - match table entries with (daemon, client) pair */
+@@ -175,6 +175,7 @@
+ 	(void) fclose(fp);
+     } else if (errno != ENOENT) {
+ 	tcpd_warn("cannot open %s: %m", table);
++	match = ERR;
+     }
+     if (match) {
+ 	if (hosts_access_verbose > 1)

tcp_wrappers-7.6-strerror.patch

@@ -0,0 +1,27 @@
+--- tcp-wrappers-7.6/percent_m.c
++++ tcp-wrappers-7.6/percent_m.c
+@@ -13,7 +13,7 @@
+ #include <string.h>
+ 
+ extern int errno;
+-#ifndef SYS_ERRLIST_DEFINED
++#if !defined(SYS_ERRLIST_DEFINED) && !defined(HAVE_STRERROR)
+ extern char *sys_errlist[];
+ extern int sys_nerr;
+ #endif
+@@ -29,11 +29,15 @@
+ 
+     while (*bp = *cp)
+ 	if (*cp == '%' && cp[1] == 'm') {
++#ifdef HAVE_STRERROR
++            strcpy(bp, strerror(errno));
++#else
+ 	    if (errno < sys_nerr && errno > 0) {
+ 		strcpy(bp, sys_errlist[errno]);
+ 	    } else {
+ 		sprintf(bp, "Unknown error %d", errno);
+ 	    }
++#endif
+ 	    bp += strlen(bp);
+ 	    cp += 2;
+ 	} else {

tcp_wrappers.spec

@@ -1,7 +1,12 @@
 Summary: A security tool which acts as a wrapper for TCP daemons.
 Name: tcp_wrappers
 Version: 7.6
-Release: 23
+Release: 34
+
+%define LIB_MAJOR 0
+%define LIB_MINOR 7
+%define LIB_REL 6
+
 Copyright: Distributable
 Group: System Environment/Daemons
 Source: ftp://coast.cs.purdue.edu/pub/tools/unix/tcp_wrappers/tcp_wrappers_7.6.tar.gz
@@ -16,6 +21,9 @@ Patch7: tcp_wrappers-7.6-docu.patch
 Patch8: tcp_wrappers-7.6-casesens.patch
 Patch9: tcp_wrappers.usagi-ipv6.patch
 Patch10: tcp_wrappers.ume-ipv6.patch
+Patch11: tcp_wrappers-7.6-shared.patch
+Patch12: tcp_wrappers-7.6-sig.patch
+Patch13: tcp_wrappers-7.6-strerror.patch
 # required by sin_scope_id in ipv6 patch
 BuildPreReq: glibc-devel >= 2.2		
 BuildRoot: %{_tmppath}/%{name}-root
@@ -42,9 +50,13 @@ This version also supports IPv6.
 %patch7 -p1
 %patch9 -p0
 %patch10 -p1
+%patch11 -p1
+%patch12 -p1
+%patch13 -p1
 
 %build
-make RPM_OPT_FLAGS="$RPM_OPT_FLAGS -fPIC" linux
+make RPM_OPT_FLAGS="$RPM_OPT_FLAGS -fPIC -DPIC -D_REENTRANT -DHAVE_STRERROR" MAJOR=%{LIB_MAJOR} MINOR=%{LIB_MINOR} REL=%{LIB_REL} linux
+
 
 %install
 rm -rf ${RPM_BUILD_ROOT}
@@ -58,7 +70,8 @@ cp hosts_access.5 hosts_options.5 ${RPM_BUILD_ROOT}%{_mandir}/man5
 cp tcpd.8 tcpdchk.8 tcpdmatch.8 ${RPM_BUILD_ROOT}%{_mandir}/man8
 ln -sf hosts_access.5 ${RPM_BUILD_ROOT}%{_mandir}/man5/hosts.allow.5
 ln -sf hosts_access.5 ${RPM_BUILD_ROOT}%{_mandir}/man5/hosts.deny.5
-cp libwrap.a ${RPM_BUILD_ROOT}%{_libdir}
+cp -a libwrap.a ${RPM_BUILD_ROOT}%{_libdir}
+cp -a libwrap.so* ${RPM_BUILD_ROOT}%{_libdir}
 cp tcpd.h ${RPM_BUILD_ROOT}%{_includedir}
 install -m755 safe_finger ${RPM_BUILD_ROOT}%{_sbindir}
 install -m711 tcpd ${RPM_BUILD_ROOT}%{_sbindir}
@@ -70,6 +83,10 @@ install -m755 try-from ${RPM_BUILD_ROOT}%{_sbindir}
 rm -f ${RPM_BUILD_ROOT}%{_mandir}/man8/tcpdmatch.*
 rm -f ${RPM_BUILD_ROOT}%{_mandir}/man8/tcpdchk.*
 
+%post -p /sbin/ldconfig
+
+%postun -p /sbin/ldconfig
+
 %clean
 rm -rf ${RPM_BUILD_ROOT}
 
@@ -78,10 +95,37 @@ rm -rf ${RPM_BUILD_ROOT}
 %doc BLURB CHANGES README* DISCLAIMER Banners.Makefile
 %{_mandir}/man[358]/*
 %{_includedir}/*
-%{_libdir}/*
+%{_libdir}/*.a
+%{_libdir}/*.so*
 %{_sbindir}/*
 
 %changelog
+* Sun Feb 16 2003 Florian La Roche <Florian.LaRoche@redhat.de>
+- use strerror  #84312
+
+* Tue Feb 11 2003 Harald Hoyer <harald@redhat.de> 7.6-33
+- revert Nalins weak version
+- link libwrap.so against libnsl, on which it depends
+
+* Mon Feb 10 2003 Nalin Dahyabhai <nalin@redhat.com> 7.6-32
+- link libwrap.so against libnsl, on which it depends
+- add default (weak) versions of allow_severity and deny_severity to the shared
+  library so that configure tests can find it correctly
+
+* Mon Feb 10 2003 Harald Hoyer <harald@redhat.de> 7.6-29
+- shared library generated and added #75494
+- added security patch tcp_wrappers-7.6-sig.patch
+- compile and link with -fPIC -DPIC
+
+* Wed Jan 22 2003 Tim Powers <timp@redhat.com>
+- rebuilt
+
+* Tue Jan  7 2003 Jeff Johnson <jbj@redhat.com> 7.6-25
+- don't include -debuginfo files in package.
+
+* Tue Nov 19 2002 Tim Powers <timp@redhat.com>
+- rebuild on all arches
+
 * Fri Jun 21 2002 Tim Powers <timp@redhat.com>
 - automated rebuild