added shared_lib_plus_plus patch for dynamic library and build fixes for other packages
use Makefile for install, remove specfile code created libwrap and libwrap-devel (obsoleting tcp_wrappers-devel) [release 7.6-4mamba;Fri Sep 21 2007]
This commit is contained in:
parent
69ef619ec5
commit
82b31e57e6
@ -1,2 +1,6 @@
|
||||
# tcp_wrappers
|
||||
|
||||
The tcp_wrappers package provides small daemon programs which can monitor and filter incoming requests for systat, finger, ftp, telnet, rlogin, rsh, exec, tftp, talk and other network services.
|
||||
|
||||
Install the tcp_wrappers program if you need a security tool for filtering incoming network services requests.
|
||||
|
||||
|
84
tcp_wrappers-7.6-conf.patch
Normal file
84
tcp_wrappers-7.6-conf.patch
Normal file
@ -0,0 +1,84 @@
|
||||
diff -ru tcp_wrappers_7.6/Makefile tcp_wrappers_7.6-fix/Makefile
|
||||
--- tcp_wrappers_7.6/Makefile 1997-03-21 19:27:21.000000000 +0100
|
||||
+++ tcp_wrappers_7.6-fix/Makefile 2005-09-13 15:24:10.000000000 +0200
|
||||
@@ -44,7 +44,7 @@
|
||||
#REAL_DAEMON_DIR=/usr/etc
|
||||
#
|
||||
# SysV.4 Solaris 2.x OSF AIX
|
||||
-#REAL_DAEMON_DIR=/usr/sbin
|
||||
+REAL_DAEMON_DIR=/usr/sbin
|
||||
#
|
||||
# BSD 4.4
|
||||
#REAL_DAEMON_DIR=/usr/libexec
|
||||
@@ -144,7 +144,7 @@
|
||||
linux:
|
||||
@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
|
||||
LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o \
|
||||
- NETGROUP= TLI= EXTRA_CFLAGS="-DBROKEN_SO_LINGER" all
|
||||
+ NETGROUP="-DNETGROUP" TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER" all
|
||||
|
||||
# This is good for many SYSV+BSD hybrids with NIS, probably also for HP-UX 7.x.
|
||||
hpux hpux8 hpux9 hpux10:
|
||||
@@ -491,7 +491,7 @@
|
||||
# Uncomment the next definition to turn on the language extensions
|
||||
# (examples: allow, deny, banners, twist and spawn).
|
||||
#
|
||||
-#STYLE = -DPROCESS_OPTIONS # Enable language extensions.
|
||||
+STYLE = -DPROCESS_OPTIONS # Enable language extensions.
|
||||
|
||||
################################################################
|
||||
# Optional: Changing the default disposition of logfile records
|
||||
@@ -514,7 +514,7 @@
|
||||
#
|
||||
# The LOG_XXX names below are taken from the /usr/include/syslog.h file.
|
||||
|
||||
-FACILITY= LOG_MAIL # LOG_MAIL is what most sendmail daemons use
|
||||
+FACILITY= LOG_AUTHPRIV
|
||||
|
||||
# The syslog priority at which successful connections are logged.
|
||||
|
||||
@@ -531,7 +531,7 @@
|
||||
# and with Solaris < 2.4. APPEND_DOT will not work with hostnames taken
|
||||
# from /etc/hosts or from NIS maps. It does work with DNS through NIS.
|
||||
#
|
||||
-# DOT= -DAPPEND_DOT
|
||||
+DOT= -DAPPEND_DOT
|
||||
|
||||
##################################################
|
||||
# Optional: Always attempt remote username lookups
|
||||
@@ -551,7 +551,7 @@
|
||||
# still do selective username lookups as documented in the hosts_access.5
|
||||
# and hosts_options.5 manual pages (`nroff -man' format).
|
||||
#
|
||||
-#AUTH = -DALWAYS_RFC931
|
||||
+AUTH = -DALWAYS_RFC931
|
||||
#
|
||||
# The default username lookup timeout is 10 seconds. This may not be long
|
||||
# enough for slow hosts or networks, but is enough to irritate PC users.
|
||||
@@ -610,7 +610,7 @@
|
||||
# Paranoid mode implies hostname lookup. In order to disable hostname
|
||||
# lookups altogether, see the next section.
|
||||
|
||||
-PARANOID= -DPARANOID
|
||||
+PARANOID= #-DPARANOID
|
||||
|
||||
########################################
|
||||
# Optional: turning off hostname lookups
|
||||
@@ -649,7 +649,7 @@
|
||||
# source-routed traffic in the kernel. Examples: 4.4BSD derivatives,
|
||||
# Solaris 2.x, and Linux. See your system documentation for details.
|
||||
#
|
||||
-# KILL_OPT= -DKILL_IP_OPTIONS
|
||||
+KILL_OPT= -DKILL_IP_OPTIONS
|
||||
|
||||
## End configuration options
|
||||
############################
|
||||
@@ -659,7 +659,7 @@
|
||||
SHELL = /bin/sh
|
||||
.c.o:; $(CC) $(CFLAGS) -c $*.c
|
||||
|
||||
-CFLAGS = -O -DFACILITY=$(FACILITY) $(ACCESS) $(PARANOID) $(NETGROUP) \
|
||||
+CFLAGS = -DFACILITY=$(FACILITY) $(ACCESS) $(PARANOID) $(NETGROUP) \
|
||||
$(BUGS) $(SYSTYPE) $(AUTH) $(UMASK) \
|
||||
-DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" $(STYLE) $(KILL_OPT) \
|
||||
-DSEVERITY=$(SEVERITY) -DRFC931_TIMEOUT=$(RFC931_TIMEOUT) \
|
27
tcp_wrappers-7.6-fixgethostbyname.patch
Normal file
27
tcp_wrappers-7.6-fixgethostbyname.patch
Normal file
@ -0,0 +1,27 @@
|
||||
--- tcp_wrappers_7.6/socket.c.fixgethostbyname Fri Mar 21 13:27:25 1997
|
||||
+++ tcp_wrappers_7.6/socket.c Mon Feb 5 14:09:40 2001
|
||||
@@ -52,7 +52,8 @@
|
||||
char *name;
|
||||
{
|
||||
char dot_name[MAXHOSTNAMELEN + 1];
|
||||
-
|
||||
+ struct hostent *hp;
|
||||
+
|
||||
/*
|
||||
* Don't append dots to unqualified names. Such names are likely to come
|
||||
* from local hosts files or from NIS.
|
||||
@@ -61,8 +62,12 @@
|
||||
if (strchr(name, '.') == 0 || strlen(name) >= MAXHOSTNAMELEN - 1) {
|
||||
return (gethostbyname(name));
|
||||
} else {
|
||||
- sprintf(dot_name, "%s.", name);
|
||||
- return (gethostbyname(dot_name));
|
||||
+ sprintf(dot_name, "%s.", name);
|
||||
+ hp = gethostbyname(dot_name);
|
||||
+ if (hp)
|
||||
+ return hp;
|
||||
+ else
|
||||
+ return (gethostbyname(name));
|
||||
}
|
||||
}
|
||||
|
35
tcp_wrappers-7.6-ldflags.patch
Normal file
35
tcp_wrappers-7.6-ldflags.patch
Normal file
@ -0,0 +1,35 @@
|
||||
--- tcp_wrappers_7.6/Makefile.ldflags 2004-03-05 14:47:36.438315648 +0100
|
||||
+++ tcp_wrappers_7.6/Makefile 2004-03-05 14:50:01.438272304 +0100
|
||||
@@ -732,26 +732,26 @@
|
||||
ln -s $(SHLIB).$(MAJOR).$(MINOR).$(REL) $(SHLIB)
|
||||
|
||||
tcpd: tcpd.o $(LIB)
|
||||
- $(CC) $(CFLAGS) -o $@ tcpd.o $(LIB) $(LIBS)
|
||||
+ $(CC) $(CFLAGS) -o $@ tcpd.o $(LDFLAGS) $(LIB) $(LIBS)
|
||||
|
||||
miscd: miscd.o $(LIB)
|
||||
- $(CC) $(CFLAGS) -o $@ miscd.o $(LIB) $(LIBS)
|
||||
+ $(CC) $(CFLAGS) -o $@ miscd.o $(LDFLAGS) $(LIB) $(LIBS)
|
||||
|
||||
safe_finger: safe_finger.o $(LIB)
|
||||
- $(CC) $(CFLAGS) -o $@ safe_finger.o $(LIB) $(LIBS)
|
||||
+ $(CC) $(CFLAGS) -o $@ safe_finger.o $(LDFLAGS) $(LIB) $(LIBS)
|
||||
|
||||
TCPDMATCH_OBJ = tcpdmatch.o fakelog.o inetcf.o scaffold.o
|
||||
|
||||
tcpdmatch: $(TCPDMATCH_OBJ) $(LIB)
|
||||
- $(CC) $(CFLAGS) -o $@ $(TCPDMATCH_OBJ) $(LIB) $(LIBS)
|
||||
+ $(CC) $(CFLAGS) -o $@ $(TCPDMATCH_OBJ) $(LDFLAGS) $(LIB) $(LIBS)
|
||||
|
||||
try-from: try-from.o fakelog.o $(LIB)
|
||||
- $(CC) $(CFLAGS) -o $@ try-from.o fakelog.o $(LIB) $(LIBS)
|
||||
+ $(CC) $(CFLAGS) -o $@ try-from.o fakelog.o $(LDFLAGS) $(LIB) $(LIBS)
|
||||
|
||||
TCPDCHK_OBJ = tcpdchk.o fakelog.o inetcf.o scaffold.o
|
||||
|
||||
tcpdchk: $(TCPDCHK_OBJ) $(LIB)
|
||||
- $(CC) $(CFLAGS) -o $@ $(TCPDCHK_OBJ) $(LIB) $(LIBS)
|
||||
+ $(CC) $(CFLAGS) -o $@ $(TCPDCHK_OBJ) $(LDFLAGS) $(LIB) $(LIBS)
|
||||
|
||||
shar: $(KIT)
|
||||
@shar $(KIT)
|
11
tcp_wrappers-7.6-malloc.patch
Normal file
11
tcp_wrappers-7.6-malloc.patch
Normal file
@ -0,0 +1,11 @@
|
||||
--- tcp_wrappers_7.6/scaffold.c 1997-03-21 19:27:24.000000000 +0100
|
||||
+++ tcp_wrappers_7.6-fix/scaffold.c 2005-09-13 17:05:17.000000000 +0200
|
||||
@@ -25,8 +25,6 @@
|
||||
#define INADDR_NONE (-1) /* XXX should be 0xffffffff */
|
||||
#endif
|
||||
|
||||
-extern char *malloc();
|
||||
-
|
||||
/* Application-specific. */
|
||||
|
||||
#include "tcpd.h"
|
35
tcp_wrappers-7.6-security.patch
Normal file
35
tcp_wrappers-7.6-security.patch
Normal file
@ -0,0 +1,35 @@
|
||||
--- tcp_wrappers_7.6/tcpd.c.bug11881 Thu Jul 27 15:39:27 2000
|
||||
+++ tcp_wrappers_7.6/tcpd.c Thu Jul 27 15:41:54 2000
|
||||
@@ -60,10 +60,10 @@
|
||||
*/
|
||||
|
||||
if (argv[0][0] == '/') {
|
||||
- strcpy(path, argv[0]);
|
||||
+ strncpy(path, argv[0], sizeof(path));
|
||||
argv[0] = strrchr(argv[0], '/') + 1;
|
||||
} else {
|
||||
- sprintf(path, "%s/%s", REAL_DAEMON_DIR, argv[0]);
|
||||
+ snprintf(path, sizeof(path), "%s/%s", REAL_DAEMON_DIR, argv[0]);
|
||||
}
|
||||
|
||||
/*
|
||||
--- tcp_wrappers_7.6/eval.c.bug11881 Thu Jul 27 15:39:53 2000
|
||||
+++ tcp_wrappers_7.6/eval.c Thu Jul 27 15:40:51 2000
|
||||
@@ -111,7 +111,7 @@
|
||||
return (hostinfo);
|
||||
#endif
|
||||
if (STR_NE(eval_user(request), unknown)) {
|
||||
- sprintf(both, "%s@%s", request->user, hostinfo);
|
||||
+ snprintf(both, sizeof(both), "%s@%s", request->user, hostinfo);
|
||||
return (both);
|
||||
} else {
|
||||
return (hostinfo);
|
||||
@@ -128,7 +128,7 @@
|
||||
char *daemon = eval_daemon(request);
|
||||
|
||||
if (STR_NE(host, unknown)) {
|
||||
- sprintf(both, "%s@%s", daemon, host);
|
||||
+ snprintf(both, sizeof(both), "%s@%s", daemon, host);
|
||||
return (both);
|
||||
} else {
|
||||
return (daemon);
|
11
tcp_wrappers-7.6-setenv.patch
Normal file
11
tcp_wrappers-7.6-setenv.patch
Normal file
@ -0,0 +1,11 @@
|
||||
--- tcp_wrappers_7.6/Makefile.old Thu Jun 25 22:54:24 1998
|
||||
+++ tcp_wrappers_7.6/Makefile Thu Jun 25 22:54:50 1998
|
||||
@@ -143,7 +143,7 @@
|
||||
|
||||
linux:
|
||||
@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
|
||||
- LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o \
|
||||
+ LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ= \
|
||||
NETGROUP="-DNETGROUP" TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER" all
|
||||
|
||||
# This is good for many SYSV+BSD hybrids with NIS, probably also for HP-UX 7.x.
|
1035
tcp_wrappers-7.6-shared_lib_plus_plus-1.patch
Normal file
1035
tcp_wrappers-7.6-shared_lib_plus_plus-1.patch
Normal file
File diff suppressed because it is too large
Load Diff
38
tcp_wrappers-7.6-sig.patch
Normal file
38
tcp_wrappers-7.6-sig.patch
Normal file
@ -0,0 +1,38 @@
|
||||
diff -pur tcp_wrappers_7.6/hosts_access.c tcp_wrappers_7.6-fix/hosts_access.c
|
||||
--- tcp_wrappers_7.6/hosts_access.c 1997-02-12 02:13:23.000000000 +0100
|
||||
+++ tcp_wrappers_7.6-fix/hosts_access.c 2005-09-13 16:11:41.000000000 +0200
|
||||
@@ -57,6 +57,7 @@ static char sep[] = ", \t\r\n";
|
||||
|
||||
#define YES 1
|
||||
#define NO 0
|
||||
+#define ERR -1
|
||||
|
||||
/*
|
||||
* These variables are globally visible so that they can be redirected in
|
||||
@@ -114,11 +115,11 @@ struct request_info *request;
|
||||
verdict = setjmp(tcpd_buf);
|
||||
if (verdict != 0)
|
||||
return (verdict == AC_PERMIT);
|
||||
- if (table_match(hosts_allow_table, request))
|
||||
+ if (table_match(hosts_allow_table, request) == YES)
|
||||
return (YES);
|
||||
- if (table_match(hosts_deny_table, request))
|
||||
- return (NO);
|
||||
- return (YES);
|
||||
+ if (table_match(hosts_deny_table, request) == NO)
|
||||
+ return (YES);
|
||||
+ return (NO);
|
||||
}
|
||||
|
||||
/* table_match - match table entries with (daemon, client) pair */
|
||||
@@ -162,8 +163,9 @@ struct request_info *request;
|
||||
(void) fclose(fp);
|
||||
} else if (errno != ENOENT) {
|
||||
tcpd_warn("cannot open %s: %m", table);
|
||||
+ match = ERR;
|
||||
}
|
||||
- if (match) {
|
||||
+ if (match == YES) {
|
||||
if (hosts_access_verbose > 1)
|
||||
syslog(LOG_DEBUG, "matched: %s line %d",
|
||||
tcpd_context.file, tcpd_context.line);
|
27
tcp_wrappers-7.6-strerror.patch
Normal file
27
tcp_wrappers-7.6-strerror.patch
Normal file
@ -0,0 +1,27 @@
|
||||
--- tcp-wrappers-7.6/percent_m.c
|
||||
+++ tcp-wrappers-7.6/percent_m.c
|
||||
@@ -13,7 +13,7 @@
|
||||
#include <string.h>
|
||||
|
||||
extern int errno;
|
||||
-#ifndef SYS_ERRLIST_DEFINED
|
||||
+#if !defined(SYS_ERRLIST_DEFINED) && !defined(HAVE_STRERROR)
|
||||
extern char *sys_errlist[];
|
||||
extern int sys_nerr;
|
||||
#endif
|
||||
@@ -29,11 +29,15 @@
|
||||
|
||||
while (*bp = *cp)
|
||||
if (*cp == '%' && cp[1] == 'm') {
|
||||
+#ifdef HAVE_STRERROR
|
||||
+ strcpy(bp, strerror(errno));
|
||||
+#else
|
||||
if (errno < sys_nerr && errno > 0) {
|
||||
strcpy(bp, sys_errlist[errno]);
|
||||
} else {
|
||||
sprintf(bp, "Unknown error %d", errno);
|
||||
}
|
||||
+#endif
|
||||
bp += strlen(bp);
|
||||
cp += 2;
|
||||
} else {
|
121
tcp_wrappers.spec
Normal file
121
tcp_wrappers.spec
Normal file
@ -0,0 +1,121 @@
|
||||
Name: tcp_wrappers
|
||||
Version: 7.6
|
||||
Release: 4mamba
|
||||
Summary: A security tool which acts as a wrapper for TCP daemons
|
||||
Group: System/Servers
|
||||
Vendor: openmamba
|
||||
Distribution: openmamba
|
||||
Packager: Silvan Calarco <silvan.calarco@mambasoft.it>
|
||||
URL: http://ftp.porcupine.org/pub/security/
|
||||
Source: http://ftp.porcupine.org/pub/security/%{name}_%{version}.tar.gz
|
||||
Patch0: %{name}-7.6-conf.patch
|
||||
Patch1: %{name}-7.6-setenv.patch
|
||||
Patch2: %{name}-7.6-security.patch
|
||||
Patch3: %{name}-7.6-strerror.patch
|
||||
Patch4: %{name}-7.6-fixgethostbyname.patch
|
||||
Patch5: %{name}-7.6-ldflags.patch
|
||||
Patch6: %{name}-7.6-sig.patch
|
||||
Patch7: %{name}-7.6-malloc.patch
|
||||
Patch8: %{name}-7.6-shared_lib_plus_plus-1.patch
|
||||
License: Distributable
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-root
|
||||
|
||||
%description
|
||||
The tcp_wrappers package provides small daemon programs which can monitor and filter incoming requests for systat, finger, ftp, telnet, rlogin, rsh, exec, tftp, talk and other network services.
|
||||
|
||||
Install the tcp_wrappers program if you need a security tool for filtering incoming network services requests.
|
||||
|
||||
%package -n libwrap
|
||||
Summary: A security library which acts as a wrapper for TCP daemons
|
||||
Group: System/Libraries
|
||||
|
||||
%description -n libwrap
|
||||
The tcp_wrappers package provides small daemon programs which can monitor and filter incoming requests for systat, finger, ftp, telnet, rlogin, rsh, exec, tftp, talk and other network services.
|
||||
This package contains the static libraries and header files for the tcp_wrappers program.
|
||||
|
||||
%package -n libwrap-devel
|
||||
Summary: A security library which acts as a wrapper for TCP daemons
|
||||
Group: Development/Libraries
|
||||
Requires: libwrap = %{version}-%{release}
|
||||
Obsoletes: tcp_wrappers-devel
|
||||
Provides: tcp_wrappers-devel
|
||||
|
||||
%description -n libwrap-devel
|
||||
The tcp_wrappers package provides small daemon programs which can monitor and filter incoming requests for systat, finger, ftp, telnet, rlogin, rsh, exec, tftp, talk and other network services.
|
||||
This package contains the static libraries and header files for the tcp_wrappers program.
|
||||
|
||||
%prep
|
||||
%setup -q -n %{name}_%{version}
|
||||
%patch8 -p1
|
||||
#%patch0 -p1
|
||||
#%patch1 -p1
|
||||
%patch2 -p1
|
||||
#%patch3 -p1
|
||||
%patch4 -p1
|
||||
#%patch5 -p1
|
||||
%patch6 -p1
|
||||
%patch7 -p1
|
||||
|
||||
sed -i "s|/usr/lib/|/usr/%_lib/|g" Makefile
|
||||
|
||||
%build
|
||||
%if "%{_host}" != "%{_build}"
|
||||
sed -i "s|-lwrap|-lnsl -lwrap|" Makefile
|
||||
%endif
|
||||
%make linux -j1 LDFLAGS="-pie" CC=%{_host}-gcc MY_LIB="-lnsl"
|
||||
|
||||
%install
|
||||
[ "%{buildroot}" != / ] && rm -rf "%{buildroot}"
|
||||
sed -i "s|-o root -g root ||" Makefile
|
||||
install -d %{buildroot}%{_sbindir} %{buildroot}%{_libdir} \
|
||||
%{buildroot}%{_mandir}/man{3,5,8} \
|
||||
%{buildroot}%{_includedir} \
|
||||
|
||||
%makeinstall
|
||||
|
||||
%clean
|
||||
[ "%{buildroot}" != / ] && rm -rf "%{buildroot}"
|
||||
|
||||
%files
|
||||
%defattr(-,root,root)
|
||||
%{_sbindir}/*
|
||||
%{_mandir}/man8/tcpd.8.gz
|
||||
%{_mandir}/man8/tcpdchk.8.gz
|
||||
%{_mandir}/man8/tcpdmatch.8.gz
|
||||
%{_mandir}/man8/try-from.8.gz
|
||||
%{_mandir}/man8/safe_finger.8.gz
|
||||
%{_mandir}/man8/safe_finger.8.gz
|
||||
|
||||
%files -n libwrap
|
||||
%defattr(-,root,root)
|
||||
%{_libdir}/libwrap.so.*
|
||||
%{_mandir}/man5/hosts_access.5.gz
|
||||
%{_mandir}/man5/hosts_options.5.gz
|
||||
%doc BLURB CHANGES README* DISCLAIMER Banners.Makefile
|
||||
|
||||
%files -n libwrap-devel
|
||||
%defattr(-,root,root)
|
||||
%{_includedir}/tcpd.h
|
||||
%{_libdir}/libwrap.a
|
||||
%{_libdir}/libwrap.so
|
||||
%{_mandir}/man3/hosts_access.3.gz
|
||||
%{_mandir}/man3/hosts_ctl.3.gz
|
||||
%{_mandir}/man3/request_init.3.gz
|
||||
%{_mandir}/man3/request_set.3.gz
|
||||
|
||||
%changelog
|
||||
* Fri Sep 21 2007 Silvan Calarco <silvan.calarco@mambasoft.it> 7.6-4mamba
|
||||
- added shared_lib_plus_plus patch for dynamic library and build fixes for other packages
|
||||
- use Makefile for install, remove specfile code
|
||||
- created libwrap and libwrap-devel (obsoleting tcp_wrappers-devel)
|
||||
|
||||
* Mon Jun 26 2006 Davide Madrisan <davide.madrisan@qilinux.it> 7.6-3qilnx
|
||||
- specfile fixed
|
||||
|
||||
* Tue Sep 13 2005 Davide Madrisan <davide.madrisan@qilinux.it> 7.6-2qilnx
|
||||
- specfile fixes
|
||||
- misc security fixes
|
||||
- fixed gcc compilation errors
|
||||
|
||||
* Tue Apr 17 2003 Luca Tinelli <luca.tinelli@qinet.it> 7.6-1qilnx
|
||||
- first build
|
Loading…
Reference in New Issue
Block a user