added shared_lib_plus_plus patch for dynamic library and build fixes for other packages

use Makefile for install, remove specfile code
created libwrap and libwrap-devel (obsoleting tcp_wrappers-devel) [release 7.6-4mamba;Fri Sep 21 2007]

README.md

@@ -1,2 +1,6 @@
 # tcp_wrappers
 
+The tcp_wrappers package provides small daemon programs which can monitor and filter incoming requests for systat, finger, ftp, telnet, rlogin, rsh, exec, tftp, talk and other network services.
+
+Install the tcp_wrappers program if you need a security tool for filtering incoming network services requests.
+

tcp_wrappers-7.6-conf.patch

@@ -0,0 +1,84 @@
+diff -ru tcp_wrappers_7.6/Makefile tcp_wrappers_7.6-fix/Makefile
+--- tcp_wrappers_7.6/Makefile	1997-03-21 19:27:21.000000000 +0100
++++ tcp_wrappers_7.6-fix/Makefile	2005-09-13 15:24:10.000000000 +0200
+@@ -44,7 +44,7 @@
+ #REAL_DAEMON_DIR=/usr/etc
+ #
+ # SysV.4 Solaris 2.x OSF AIX
+-#REAL_DAEMON_DIR=/usr/sbin
++REAL_DAEMON_DIR=/usr/sbin
+ #
+ # BSD 4.4
+ #REAL_DAEMON_DIR=/usr/libexec
+@@ -144,7 +144,7 @@
+ linux:
+ 	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
+ 	LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o \
+-	NETGROUP= TLI= EXTRA_CFLAGS="-DBROKEN_SO_LINGER" all
++	NETGROUP="-DNETGROUP" TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER" all
+ 
+ # This is good for many SYSV+BSD hybrids with NIS, probably also for HP-UX 7.x.
+ hpux hpux8 hpux9 hpux10:
+@@ -491,7 +491,7 @@
+ # Uncomment the next definition to turn on the language extensions
+ # (examples: allow, deny, banners, twist and spawn).
+ # 
+-#STYLE	= -DPROCESS_OPTIONS	# Enable language extensions.
++STYLE	= -DPROCESS_OPTIONS	# Enable language extensions.
+ 
+ ################################################################
+ # Optional: Changing the default disposition of logfile records
+@@ -514,7 +514,7 @@
+ #
+ # The LOG_XXX names below are taken from the /usr/include/syslog.h file.
+ 
+-FACILITY= LOG_MAIL	# LOG_MAIL is what most sendmail daemons use
++FACILITY= LOG_AUTHPRIV
+ 
+ # The syslog priority at which successful connections are logged.
+ 
+@@ -531,7 +531,7 @@
+ # and with Solaris < 2.4. APPEND_DOT will not work with hostnames taken
+ # from /etc/hosts or from NIS maps. It does work with DNS through NIS.
+ #
+-# DOT= -DAPPEND_DOT
++DOT= -DAPPEND_DOT
+ 
+ ##################################################
+ # Optional: Always attempt remote username lookups
+@@ -551,7 +551,7 @@
+ # still do selective username lookups as documented in the hosts_access.5
+ # and hosts_options.5 manual pages (`nroff -man' format).
+ #
+-#AUTH	= -DALWAYS_RFC931
++AUTH = -DALWAYS_RFC931
+ #
+ # The default username lookup timeout is 10 seconds. This may not be long
+ # enough for slow hosts or networks, but is enough to irritate PC users.
+@@ -610,7 +610,7 @@
+ # Paranoid mode implies hostname lookup. In order to disable hostname
+ # lookups altogether, see the next section.
+ 
+-PARANOID= -DPARANOID
++PARANOID= #-DPARANOID
+ 
+ ########################################
+ # Optional: turning off hostname lookups
+@@ -649,7 +649,7 @@
+ # source-routed traffic in the kernel. Examples: 4.4BSD derivatives,
+ # Solaris 2.x, and Linux. See your system documentation for details.
+ #
+-# KILL_OPT= -DKILL_IP_OPTIONS
++KILL_OPT= -DKILL_IP_OPTIONS
+ 
+ ## End configuration options
+ ############################
+@@ -659,7 +659,7 @@
+ SHELL	= /bin/sh
+ .c.o:;	$(CC) $(CFLAGS) -c $*.c
+ 
+-CFLAGS	= -O -DFACILITY=$(FACILITY) $(ACCESS) $(PARANOID) $(NETGROUP) \
++CFLAGS = -DFACILITY=$(FACILITY) $(ACCESS) $(PARANOID) $(NETGROUP) \
+ 	$(BUGS) $(SYSTYPE) $(AUTH) $(UMASK) \
+ 	-DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" $(STYLE) $(KILL_OPT) \
+ 	-DSEVERITY=$(SEVERITY) -DRFC931_TIMEOUT=$(RFC931_TIMEOUT) \

tcp_wrappers-7.6-fixgethostbyname.patch

@@ -0,0 +1,27 @@
+--- tcp_wrappers_7.6/socket.c.fixgethostbyname	Fri Mar 21 13:27:25 1997
++++ tcp_wrappers_7.6/socket.c	Mon Feb  5 14:09:40 2001
+@@ -52,7 +52,8 @@
+ char   *name;
+ {
+     char    dot_name[MAXHOSTNAMELEN + 1];
+-
++    struct hostent *hp;
++    
+     /*
+      * Don't append dots to unqualified names. Such names are likely to come
+      * from local hosts files or from NIS.
+@@ -61,8 +62,12 @@
+     if (strchr(name, '.') == 0 || strlen(name) >= MAXHOSTNAMELEN - 1) {
+ 	return (gethostbyname(name));
+     } else {
+-	sprintf(dot_name, "%s.", name);
+-	return (gethostbyname(dot_name));
++        sprintf(dot_name, "%s.", name);
++        hp = gethostbyname(dot_name);
++	if (hp)
++	    return hp;
++	else
++	    return (gethostbyname(name));
+     }
+ }
+ 

tcp_wrappers-7.6-ldflags.patch

@@ -0,0 +1,35 @@
+--- tcp_wrappers_7.6/Makefile.ldflags	2004-03-05 14:47:36.438315648 +0100
++++ tcp_wrappers_7.6/Makefile	2004-03-05 14:50:01.438272304 +0100
+@@ -732,26 +732,26 @@
+ 	ln -s $(SHLIB).$(MAJOR).$(MINOR).$(REL) $(SHLIB)
+ 
+ tcpd:	tcpd.o $(LIB)
+-	$(CC) $(CFLAGS) -o $@ tcpd.o $(LIB) $(LIBS)
++	$(CC) $(CFLAGS) -o $@ tcpd.o $(LDFLAGS) $(LIB) $(LIBS)
+ 
+ miscd:	miscd.o $(LIB)
+-	$(CC) $(CFLAGS) -o $@ miscd.o $(LIB) $(LIBS)
++	$(CC) $(CFLAGS) -o $@ miscd.o $(LDFLAGS) $(LIB) $(LIBS)
+ 
+ safe_finger: safe_finger.o $(LIB)
+-	$(CC) $(CFLAGS) -o $@ safe_finger.o $(LIB) $(LIBS)
++	$(CC) $(CFLAGS) -o $@ safe_finger.o $(LDFLAGS) $(LIB) $(LIBS)
+ 
+ TCPDMATCH_OBJ = tcpdmatch.o fakelog.o inetcf.o scaffold.o
+ 
+ tcpdmatch: $(TCPDMATCH_OBJ) $(LIB)
+-	$(CC) $(CFLAGS) -o $@ $(TCPDMATCH_OBJ) $(LIB) $(LIBS)
++	$(CC) $(CFLAGS) -o $@ $(TCPDMATCH_OBJ) $(LDFLAGS) $(LIB) $(LIBS)
+ 
+ try-from: try-from.o fakelog.o $(LIB)
+-	$(CC) $(CFLAGS) -o $@ try-from.o fakelog.o $(LIB) $(LIBS)
++	$(CC) $(CFLAGS) -o $@ try-from.o fakelog.o $(LDFLAGS) $(LIB) $(LIBS)
+ 
+ TCPDCHK_OBJ = tcpdchk.o fakelog.o inetcf.o scaffold.o
+ 
+ tcpdchk: $(TCPDCHK_OBJ) $(LIB)
+-	$(CC) $(CFLAGS) -o $@ $(TCPDCHK_OBJ) $(LIB) $(LIBS)
++	$(CC) $(CFLAGS) -o $@ $(TCPDCHK_OBJ) $(LDFLAGS) $(LIB) $(LIBS)
+ 
+ shar:	$(KIT)
+ 	@shar $(KIT)

tcp_wrappers-7.6-malloc.patch

@@ -0,0 +1,11 @@
+--- tcp_wrappers_7.6/scaffold.c	1997-03-21 19:27:24.000000000 +0100
++++ tcp_wrappers_7.6-fix/scaffold.c	2005-09-13 17:05:17.000000000 +0200
+@@ -25,8 +25,6 @@
+ #define	INADDR_NONE	(-1)		/* XXX should be 0xffffffff */
+ #endif
+ 
+-extern char *malloc();
+-
+ /* Application-specific. */
+ 
+ #include "tcpd.h"

tcp_wrappers-7.6-security.patch

@@ -0,0 +1,35 @@
+--- tcp_wrappers_7.6/tcpd.c.bug11881	Thu Jul 27 15:39:27 2000
++++ tcp_wrappers_7.6/tcpd.c	Thu Jul 27 15:41:54 2000
+@@ -60,10 +60,10 @@
+      */
+ 
+     if (argv[0][0] == '/') {
+-	strcpy(path, argv[0]);
++	strncpy(path, argv[0], sizeof(path));
+ 	argv[0] = strrchr(argv[0], '/') + 1;
+     } else {
+-	sprintf(path, "%s/%s", REAL_DAEMON_DIR, argv[0]);
++	snprintf(path, sizeof(path), "%s/%s", REAL_DAEMON_DIR, argv[0]);
+     }
+ 
+     /*
+--- tcp_wrappers_7.6/eval.c.bug11881	Thu Jul 27 15:39:53 2000
++++ tcp_wrappers_7.6/eval.c	Thu Jul 27 15:40:51 2000
+@@ -111,7 +111,7 @@
+ 	return (hostinfo);
+ #endif
+     if (STR_NE(eval_user(request), unknown)) {
+-	sprintf(both, "%s@%s", request->user, hostinfo);
++	snprintf(both, sizeof(both), "%s@%s", request->user, hostinfo);
+ 	return (both);
+     } else {
+ 	return (hostinfo);
+@@ -128,7 +128,7 @@
+     char   *daemon = eval_daemon(request);
+ 
+     if (STR_NE(host, unknown)) {
+-	sprintf(both, "%s@%s", daemon, host);
++	snprintf(both, sizeof(both), "%s@%s", daemon, host);
+ 	return (both);
+     } else {
+ 	return (daemon);

tcp_wrappers-7.6-setenv.patch

@@ -0,0 +1,11 @@
+--- tcp_wrappers_7.6/Makefile.old	Thu Jun 25 22:54:24 1998
++++ tcp_wrappers_7.6/Makefile	Thu Jun 25 22:54:50 1998
+@@ -143,7 +143,7 @@
+ 
+ linux:
+ 	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
+-	LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o \
++	LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ= \
+ 	NETGROUP="-DNETGROUP" TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER" all
+ 
+ # This is good for many SYSV+BSD hybrids with NIS, probably also for HP-UX 7.x.

tcp_wrappers-7.6-sig.patch

@@ -0,0 +1,38 @@
+diff -pur tcp_wrappers_7.6/hosts_access.c tcp_wrappers_7.6-fix/hosts_access.c
+--- tcp_wrappers_7.6/hosts_access.c	1997-02-12 02:13:23.000000000 +0100
++++ tcp_wrappers_7.6-fix/hosts_access.c	2005-09-13 16:11:41.000000000 +0200
+@@ -57,6 +57,7 @@ static char sep[] = ", \t\r\n";
+ 
+ #define	YES		1
+ #define	NO		0
++#define ERR		-1
+ 
+  /*
+   * These variables are globally visible so that they can be redirected in
+@@ -114,11 +115,11 @@ struct request_info *request;
+     verdict = setjmp(tcpd_buf);
+     if (verdict != 0)
+ 	return (verdict == AC_PERMIT);
+-    if (table_match(hosts_allow_table, request))
++    if (table_match(hosts_allow_table, request) == YES)
+ 	return (YES);
+-    if (table_match(hosts_deny_table, request))
+-	return (NO);
+-    return (YES);
++    if (table_match(hosts_deny_table, request) == NO)
++       return (YES);
++    return (NO);
+ }
+ 
+ /* table_match - match table entries with (daemon, client) pair */
+@@ -162,8 +163,9 @@ struct request_info *request;
+ 	(void) fclose(fp);
+     } else if (errno != ENOENT) {
+ 	tcpd_warn("cannot open %s: %m", table);
++	match = ERR;
+     }
+-    if (match) {
++    if (match == YES) {
+ 	if (hosts_access_verbose > 1)
+ 	    syslog(LOG_DEBUG, "matched:  %s line %d",
+ 		   tcpd_context.file, tcpd_context.line);

tcp_wrappers-7.6-strerror.patch

@@ -0,0 +1,27 @@
+--- tcp-wrappers-7.6/percent_m.c
++++ tcp-wrappers-7.6/percent_m.c
+@@ -13,7 +13,7 @@
+ #include <string.h>
+ 
+ extern int errno;
+-#ifndef SYS_ERRLIST_DEFINED
++#if !defined(SYS_ERRLIST_DEFINED) && !defined(HAVE_STRERROR)
+ extern char *sys_errlist[];
+ extern int sys_nerr;
+ #endif
+@@ -29,11 +29,15 @@
+ 
+     while (*bp = *cp)
+ 	if (*cp == '%' && cp[1] == 'm') {
++#ifdef HAVE_STRERROR
++            strcpy(bp, strerror(errno));
++#else
+ 	    if (errno < sys_nerr && errno > 0) {
+ 		strcpy(bp, sys_errlist[errno]);
+ 	    } else {
+ 		sprintf(bp, "Unknown error %d", errno);
+ 	    }
++#endif
+ 	    bp += strlen(bp);
+ 	    cp += 2;
+ 	} else {

tcp_wrappers.spec

@@ -0,0 +1,121 @@
+Name:          tcp_wrappers
+Version:       7.6
+Release:       4mamba
+Summary:       A security tool which acts as a wrapper for TCP daemons
+Group:         System/Servers
+Vendor:        openmamba
+Distribution:  openmamba
+Packager:      Silvan Calarco <silvan.calarco@mambasoft.it>
+URL:           http://ftp.porcupine.org/pub/security/
+Source:        http://ftp.porcupine.org/pub/security/%{name}_%{version}.tar.gz
+Patch0:        %{name}-7.6-conf.patch
+Patch1:        %{name}-7.6-setenv.patch
+Patch2:        %{name}-7.6-security.patch
+Patch3:        %{name}-7.6-strerror.patch
+Patch4:        %{name}-7.6-fixgethostbyname.patch
+Patch5:        %{name}-7.6-ldflags.patch
+Patch6:        %{name}-7.6-sig.patch
+Patch7:        %{name}-7.6-malloc.patch
+Patch8:        %{name}-7.6-shared_lib_plus_plus-1.patch
+License:       Distributable
+BuildRoot:     %{_tmppath}/%{name}-%{version}-root
+
+%description
+The tcp_wrappers package provides small daemon programs which can monitor and filter incoming requests for systat, finger, ftp, telnet, rlogin, rsh, exec, tftp, talk and other network services.
+
+Install the tcp_wrappers program if you need a security tool for filtering incoming network services requests.
+
+%package -n libwrap
+Summary:       A security library which acts as a wrapper for TCP daemons
+Group:         System/Libraries
+
+%description -n libwrap
+The tcp_wrappers package provides small daemon programs which can monitor and filter incoming requests for systat, finger, ftp, telnet, rlogin, rsh, exec, tftp, talk and other network services.
+This package contains the static libraries and header files for the tcp_wrappers program.
+
+%package -n libwrap-devel
+Summary:       A security library which acts as a wrapper for TCP daemons
+Group:         Development/Libraries
+Requires:      libwrap = %{version}-%{release}
+Obsoletes:     tcp_wrappers-devel
+Provides:      tcp_wrappers-devel
+
+%description -n libwrap-devel
+The tcp_wrappers package provides small daemon programs which can monitor and filter incoming requests for systat, finger, ftp, telnet, rlogin, rsh, exec, tftp, talk and other network services.
+This package contains the static libraries and header files for the tcp_wrappers program.
+
+%prep
+%setup -q -n %{name}_%{version}
+%patch8 -p1
+#%patch0 -p1
+#%patch1 -p1
+%patch2 -p1
+#%patch3 -p1
+%patch4 -p1
+#%patch5 -p1
+%patch6 -p1
+%patch7 -p1
+
+sed -i "s|/usr/lib/|/usr/%_lib/|g" Makefile
+
+%build
+%if "%{_host}" != "%{_build}"
+sed -i "s|-lwrap|-lnsl -lwrap|" Makefile
+%endif
+%make linux -j1 LDFLAGS="-pie" CC=%{_host}-gcc MY_LIB="-lnsl"
+
+%install
+[ "%{buildroot}" != / ] && rm -rf "%{buildroot}"
+sed -i "s|-o root -g root ||" Makefile
+install -d %{buildroot}%{_sbindir} %{buildroot}%{_libdir} \
+           %{buildroot}%{_mandir}/man{3,5,8} \
+           %{buildroot}%{_includedir} \
+
+%makeinstall
+
+%clean
+[ "%{buildroot}" != / ] && rm -rf "%{buildroot}"
+
+%files
+%defattr(-,root,root)
+%{_sbindir}/*
+%{_mandir}/man8/tcpd.8.gz
+%{_mandir}/man8/tcpdchk.8.gz
+%{_mandir}/man8/tcpdmatch.8.gz
+%{_mandir}/man8/try-from.8.gz
+%{_mandir}/man8/safe_finger.8.gz
+%{_mandir}/man8/safe_finger.8.gz
+
+%files -n libwrap
+%defattr(-,root,root)
+%{_libdir}/libwrap.so.*
+%{_mandir}/man5/hosts_access.5.gz
+%{_mandir}/man5/hosts_options.5.gz
+%doc BLURB CHANGES README* DISCLAIMER Banners.Makefile
+
+%files -n libwrap-devel
+%defattr(-,root,root)
+%{_includedir}/tcpd.h
+%{_libdir}/libwrap.a
+%{_libdir}/libwrap.so
+%{_mandir}/man3/hosts_access.3.gz
+%{_mandir}/man3/hosts_ctl.3.gz
+%{_mandir}/man3/request_init.3.gz
+%{_mandir}/man3/request_set.3.gz
+
+%changelog
+* Fri Sep 21 2007 Silvan Calarco <silvan.calarco@mambasoft.it> 7.6-4mamba
+- added shared_lib_plus_plus patch for dynamic library and build fixes for other packages
+- use Makefile for install, remove specfile code
+- created libwrap and libwrap-devel (obsoleting tcp_wrappers-devel)
+
+* Mon Jun 26 2006 Davide Madrisan <davide.madrisan@qilinux.it> 7.6-3qilnx
+- specfile fixed
+
+* Tue Sep 13 2005 Davide Madrisan <davide.madrisan@qilinux.it> 7.6-2qilnx
+- specfile fixes
+- misc security fixes
+- fixed gcc compilation errors
+
+* Tue Apr 17 2003 Luca Tinelli <luca.tinelli@qinet.it> 7.6-1qilnx
+- first build