added shared_lib_plus_plus patch for dynamic library and build fixes for other packages

use Makefile for install, remove specfile code
created libwrap and libwrap-devel (obsoleting tcp_wrappers-devel) [release 7.6-4mamba;Fri Sep 21 2007]
This commit is contained in:
Silvan Calarco 2024-01-05 18:21:34 +01:00
parent 69ef619ec5
commit 82b31e57e6
11 changed files with 1428 additions and 0 deletions

View File

@ -1,2 +1,6 @@
# tcp_wrappers
The tcp_wrappers package provides small daemon programs which can monitor and filter incoming requests for systat, finger, ftp, telnet, rlogin, rsh, exec, tftp, talk and other network services.
Install the tcp_wrappers program if you need a security tool for filtering incoming network services requests.

View File

@ -0,0 +1,84 @@
diff -ru tcp_wrappers_7.6/Makefile tcp_wrappers_7.6-fix/Makefile
--- tcp_wrappers_7.6/Makefile 1997-03-21 19:27:21.000000000 +0100
+++ tcp_wrappers_7.6-fix/Makefile 2005-09-13 15:24:10.000000000 +0200
@@ -44,7 +44,7 @@
#REAL_DAEMON_DIR=/usr/etc
#
# SysV.4 Solaris 2.x OSF AIX
-#REAL_DAEMON_DIR=/usr/sbin
+REAL_DAEMON_DIR=/usr/sbin
#
# BSD 4.4
#REAL_DAEMON_DIR=/usr/libexec
@@ -144,7 +144,7 @@
linux:
@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o \
- NETGROUP= TLI= EXTRA_CFLAGS="-DBROKEN_SO_LINGER" all
+ NETGROUP="-DNETGROUP" TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER" all
# This is good for many SYSV+BSD hybrids with NIS, probably also for HP-UX 7.x.
hpux hpux8 hpux9 hpux10:
@@ -491,7 +491,7 @@
# Uncomment the next definition to turn on the language extensions
# (examples: allow, deny, banners, twist and spawn).
#
-#STYLE = -DPROCESS_OPTIONS # Enable language extensions.
+STYLE = -DPROCESS_OPTIONS # Enable language extensions.
################################################################
# Optional: Changing the default disposition of logfile records
@@ -514,7 +514,7 @@
#
# The LOG_XXX names below are taken from the /usr/include/syslog.h file.
-FACILITY= LOG_MAIL # LOG_MAIL is what most sendmail daemons use
+FACILITY= LOG_AUTHPRIV
# The syslog priority at which successful connections are logged.
@@ -531,7 +531,7 @@
# and with Solaris < 2.4. APPEND_DOT will not work with hostnames taken
# from /etc/hosts or from NIS maps. It does work with DNS through NIS.
#
-# DOT= -DAPPEND_DOT
+DOT= -DAPPEND_DOT
##################################################
# Optional: Always attempt remote username lookups
@@ -551,7 +551,7 @@
# still do selective username lookups as documented in the hosts_access.5
# and hosts_options.5 manual pages (`nroff -man' format).
#
-#AUTH = -DALWAYS_RFC931
+AUTH = -DALWAYS_RFC931
#
# The default username lookup timeout is 10 seconds. This may not be long
# enough for slow hosts or networks, but is enough to irritate PC users.
@@ -610,7 +610,7 @@
# Paranoid mode implies hostname lookup. In order to disable hostname
# lookups altogether, see the next section.
-PARANOID= -DPARANOID
+PARANOID= #-DPARANOID
########################################
# Optional: turning off hostname lookups
@@ -649,7 +649,7 @@
# source-routed traffic in the kernel. Examples: 4.4BSD derivatives,
# Solaris 2.x, and Linux. See your system documentation for details.
#
-# KILL_OPT= -DKILL_IP_OPTIONS
+KILL_OPT= -DKILL_IP_OPTIONS
## End configuration options
############################
@@ -659,7 +659,7 @@
SHELL = /bin/sh
.c.o:; $(CC) $(CFLAGS) -c $*.c
-CFLAGS = -O -DFACILITY=$(FACILITY) $(ACCESS) $(PARANOID) $(NETGROUP) \
+CFLAGS = -DFACILITY=$(FACILITY) $(ACCESS) $(PARANOID) $(NETGROUP) \
$(BUGS) $(SYSTYPE) $(AUTH) $(UMASK) \
-DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" $(STYLE) $(KILL_OPT) \
-DSEVERITY=$(SEVERITY) -DRFC931_TIMEOUT=$(RFC931_TIMEOUT) \

View File

@ -0,0 +1,27 @@
--- tcp_wrappers_7.6/socket.c.fixgethostbyname Fri Mar 21 13:27:25 1997
+++ tcp_wrappers_7.6/socket.c Mon Feb 5 14:09:40 2001
@@ -52,7 +52,8 @@
char *name;
{
char dot_name[MAXHOSTNAMELEN + 1];
-
+ struct hostent *hp;
+
/*
* Don't append dots to unqualified names. Such names are likely to come
* from local hosts files or from NIS.
@@ -61,8 +62,12 @@
if (strchr(name, '.') == 0 || strlen(name) >= MAXHOSTNAMELEN - 1) {
return (gethostbyname(name));
} else {
- sprintf(dot_name, "%s.", name);
- return (gethostbyname(dot_name));
+ sprintf(dot_name, "%s.", name);
+ hp = gethostbyname(dot_name);
+ if (hp)
+ return hp;
+ else
+ return (gethostbyname(name));
}
}

View File

@ -0,0 +1,35 @@
--- tcp_wrappers_7.6/Makefile.ldflags 2004-03-05 14:47:36.438315648 +0100
+++ tcp_wrappers_7.6/Makefile 2004-03-05 14:50:01.438272304 +0100
@@ -732,26 +732,26 @@
ln -s $(SHLIB).$(MAJOR).$(MINOR).$(REL) $(SHLIB)
tcpd: tcpd.o $(LIB)
- $(CC) $(CFLAGS) -o $@ tcpd.o $(LIB) $(LIBS)
+ $(CC) $(CFLAGS) -o $@ tcpd.o $(LDFLAGS) $(LIB) $(LIBS)
miscd: miscd.o $(LIB)
- $(CC) $(CFLAGS) -o $@ miscd.o $(LIB) $(LIBS)
+ $(CC) $(CFLAGS) -o $@ miscd.o $(LDFLAGS) $(LIB) $(LIBS)
safe_finger: safe_finger.o $(LIB)
- $(CC) $(CFLAGS) -o $@ safe_finger.o $(LIB) $(LIBS)
+ $(CC) $(CFLAGS) -o $@ safe_finger.o $(LDFLAGS) $(LIB) $(LIBS)
TCPDMATCH_OBJ = tcpdmatch.o fakelog.o inetcf.o scaffold.o
tcpdmatch: $(TCPDMATCH_OBJ) $(LIB)
- $(CC) $(CFLAGS) -o $@ $(TCPDMATCH_OBJ) $(LIB) $(LIBS)
+ $(CC) $(CFLAGS) -o $@ $(TCPDMATCH_OBJ) $(LDFLAGS) $(LIB) $(LIBS)
try-from: try-from.o fakelog.o $(LIB)
- $(CC) $(CFLAGS) -o $@ try-from.o fakelog.o $(LIB) $(LIBS)
+ $(CC) $(CFLAGS) -o $@ try-from.o fakelog.o $(LDFLAGS) $(LIB) $(LIBS)
TCPDCHK_OBJ = tcpdchk.o fakelog.o inetcf.o scaffold.o
tcpdchk: $(TCPDCHK_OBJ) $(LIB)
- $(CC) $(CFLAGS) -o $@ $(TCPDCHK_OBJ) $(LIB) $(LIBS)
+ $(CC) $(CFLAGS) -o $@ $(TCPDCHK_OBJ) $(LDFLAGS) $(LIB) $(LIBS)
shar: $(KIT)
@shar $(KIT)

View File

@ -0,0 +1,11 @@
--- tcp_wrappers_7.6/scaffold.c 1997-03-21 19:27:24.000000000 +0100
+++ tcp_wrappers_7.6-fix/scaffold.c 2005-09-13 17:05:17.000000000 +0200
@@ -25,8 +25,6 @@
#define INADDR_NONE (-1) /* XXX should be 0xffffffff */
#endif
-extern char *malloc();
-
/* Application-specific. */
#include "tcpd.h"

View File

@ -0,0 +1,35 @@
--- tcp_wrappers_7.6/tcpd.c.bug11881 Thu Jul 27 15:39:27 2000
+++ tcp_wrappers_7.6/tcpd.c Thu Jul 27 15:41:54 2000
@@ -60,10 +60,10 @@
*/
if (argv[0][0] == '/') {
- strcpy(path, argv[0]);
+ strncpy(path, argv[0], sizeof(path));
argv[0] = strrchr(argv[0], '/') + 1;
} else {
- sprintf(path, "%s/%s", REAL_DAEMON_DIR, argv[0]);
+ snprintf(path, sizeof(path), "%s/%s", REAL_DAEMON_DIR, argv[0]);
}
/*
--- tcp_wrappers_7.6/eval.c.bug11881 Thu Jul 27 15:39:53 2000
+++ tcp_wrappers_7.6/eval.c Thu Jul 27 15:40:51 2000
@@ -111,7 +111,7 @@
return (hostinfo);
#endif
if (STR_NE(eval_user(request), unknown)) {
- sprintf(both, "%s@%s", request->user, hostinfo);
+ snprintf(both, sizeof(both), "%s@%s", request->user, hostinfo);
return (both);
} else {
return (hostinfo);
@@ -128,7 +128,7 @@
char *daemon = eval_daemon(request);
if (STR_NE(host, unknown)) {
- sprintf(both, "%s@%s", daemon, host);
+ snprintf(both, sizeof(both), "%s@%s", daemon, host);
return (both);
} else {
return (daemon);

View File

@ -0,0 +1,11 @@
--- tcp_wrappers_7.6/Makefile.old Thu Jun 25 22:54:24 1998
+++ tcp_wrappers_7.6/Makefile Thu Jun 25 22:54:50 1998
@@ -143,7 +143,7 @@
linux:
@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
- LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o \
+ LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ= \
NETGROUP="-DNETGROUP" TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER" all
# This is good for many SYSV+BSD hybrids with NIS, probably also for HP-UX 7.x.

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,38 @@
diff -pur tcp_wrappers_7.6/hosts_access.c tcp_wrappers_7.6-fix/hosts_access.c
--- tcp_wrappers_7.6/hosts_access.c 1997-02-12 02:13:23.000000000 +0100
+++ tcp_wrappers_7.6-fix/hosts_access.c 2005-09-13 16:11:41.000000000 +0200
@@ -57,6 +57,7 @@ static char sep[] = ", \t\r\n";
#define YES 1
#define NO 0
+#define ERR -1
/*
* These variables are globally visible so that they can be redirected in
@@ -114,11 +115,11 @@ struct request_info *request;
verdict = setjmp(tcpd_buf);
if (verdict != 0)
return (verdict == AC_PERMIT);
- if (table_match(hosts_allow_table, request))
+ if (table_match(hosts_allow_table, request) == YES)
return (YES);
- if (table_match(hosts_deny_table, request))
- return (NO);
- return (YES);
+ if (table_match(hosts_deny_table, request) == NO)
+ return (YES);
+ return (NO);
}
/* table_match - match table entries with (daemon, client) pair */
@@ -162,8 +163,9 @@ struct request_info *request;
(void) fclose(fp);
} else if (errno != ENOENT) {
tcpd_warn("cannot open %s: %m", table);
+ match = ERR;
}
- if (match) {
+ if (match == YES) {
if (hosts_access_verbose > 1)
syslog(LOG_DEBUG, "matched: %s line %d",
tcpd_context.file, tcpd_context.line);

View File

@ -0,0 +1,27 @@
--- tcp-wrappers-7.6/percent_m.c
+++ tcp-wrappers-7.6/percent_m.c
@@ -13,7 +13,7 @@
#include <string.h>
extern int errno;
-#ifndef SYS_ERRLIST_DEFINED
+#if !defined(SYS_ERRLIST_DEFINED) && !defined(HAVE_STRERROR)
extern char *sys_errlist[];
extern int sys_nerr;
#endif
@@ -29,11 +29,15 @@
while (*bp = *cp)
if (*cp == '%' && cp[1] == 'm') {
+#ifdef HAVE_STRERROR
+ strcpy(bp, strerror(errno));
+#else
if (errno < sys_nerr && errno > 0) {
strcpy(bp, sys_errlist[errno]);
} else {
sprintf(bp, "Unknown error %d", errno);
}
+#endif
bp += strlen(bp);
cp += 2;
} else {

121
tcp_wrappers.spec Normal file
View File

@ -0,0 +1,121 @@
Name: tcp_wrappers
Version: 7.6
Release: 4mamba
Summary: A security tool which acts as a wrapper for TCP daemons
Group: System/Servers
Vendor: openmamba
Distribution: openmamba
Packager: Silvan Calarco <silvan.calarco@mambasoft.it>
URL: http://ftp.porcupine.org/pub/security/
Source: http://ftp.porcupine.org/pub/security/%{name}_%{version}.tar.gz
Patch0: %{name}-7.6-conf.patch
Patch1: %{name}-7.6-setenv.patch
Patch2: %{name}-7.6-security.patch
Patch3: %{name}-7.6-strerror.patch
Patch4: %{name}-7.6-fixgethostbyname.patch
Patch5: %{name}-7.6-ldflags.patch
Patch6: %{name}-7.6-sig.patch
Patch7: %{name}-7.6-malloc.patch
Patch8: %{name}-7.6-shared_lib_plus_plus-1.patch
License: Distributable
BuildRoot: %{_tmppath}/%{name}-%{version}-root
%description
The tcp_wrappers package provides small daemon programs which can monitor and filter incoming requests for systat, finger, ftp, telnet, rlogin, rsh, exec, tftp, talk and other network services.
Install the tcp_wrappers program if you need a security tool for filtering incoming network services requests.
%package -n libwrap
Summary: A security library which acts as a wrapper for TCP daemons
Group: System/Libraries
%description -n libwrap
The tcp_wrappers package provides small daemon programs which can monitor and filter incoming requests for systat, finger, ftp, telnet, rlogin, rsh, exec, tftp, talk and other network services.
This package contains the static libraries and header files for the tcp_wrappers program.
%package -n libwrap-devel
Summary: A security library which acts as a wrapper for TCP daemons
Group: Development/Libraries
Requires: libwrap = %{version}-%{release}
Obsoletes: tcp_wrappers-devel
Provides: tcp_wrappers-devel
%description -n libwrap-devel
The tcp_wrappers package provides small daemon programs which can monitor and filter incoming requests for systat, finger, ftp, telnet, rlogin, rsh, exec, tftp, talk and other network services.
This package contains the static libraries and header files for the tcp_wrappers program.
%prep
%setup -q -n %{name}_%{version}
%patch8 -p1
#%patch0 -p1
#%patch1 -p1
%patch2 -p1
#%patch3 -p1
%patch4 -p1
#%patch5 -p1
%patch6 -p1
%patch7 -p1
sed -i "s|/usr/lib/|/usr/%_lib/|g" Makefile
%build
%if "%{_host}" != "%{_build}"
sed -i "s|-lwrap|-lnsl -lwrap|" Makefile
%endif
%make linux -j1 LDFLAGS="-pie" CC=%{_host}-gcc MY_LIB="-lnsl"
%install
[ "%{buildroot}" != / ] && rm -rf "%{buildroot}"
sed -i "s|-o root -g root ||" Makefile
install -d %{buildroot}%{_sbindir} %{buildroot}%{_libdir} \
%{buildroot}%{_mandir}/man{3,5,8} \
%{buildroot}%{_includedir} \
%makeinstall
%clean
[ "%{buildroot}" != / ] && rm -rf "%{buildroot}"
%files
%defattr(-,root,root)
%{_sbindir}/*
%{_mandir}/man8/tcpd.8.gz
%{_mandir}/man8/tcpdchk.8.gz
%{_mandir}/man8/tcpdmatch.8.gz
%{_mandir}/man8/try-from.8.gz
%{_mandir}/man8/safe_finger.8.gz
%{_mandir}/man8/safe_finger.8.gz
%files -n libwrap
%defattr(-,root,root)
%{_libdir}/libwrap.so.*
%{_mandir}/man5/hosts_access.5.gz
%{_mandir}/man5/hosts_options.5.gz
%doc BLURB CHANGES README* DISCLAIMER Banners.Makefile
%files -n libwrap-devel
%defattr(-,root,root)
%{_includedir}/tcpd.h
%{_libdir}/libwrap.a
%{_libdir}/libwrap.so
%{_mandir}/man3/hosts_access.3.gz
%{_mandir}/man3/hosts_ctl.3.gz
%{_mandir}/man3/request_init.3.gz
%{_mandir}/man3/request_set.3.gz
%changelog
* Fri Sep 21 2007 Silvan Calarco <silvan.calarco@mambasoft.it> 7.6-4mamba
- added shared_lib_plus_plus patch for dynamic library and build fixes for other packages
- use Makefile for install, remove specfile code
- created libwrap and libwrap-devel (obsoleting tcp_wrappers-devel)
* Mon Jun 26 2006 Davide Madrisan <davide.madrisan@qilinux.it> 7.6-3qilnx
- specfile fixed
* Tue Sep 13 2005 Davide Madrisan <davide.madrisan@qilinux.it> 7.6-2qilnx
- specfile fixes
- misc security fixes
- fixed gcc compilation errors
* Tue Apr 17 2003 Luca Tinelli <luca.tinelli@qinet.it> 7.6-1qilnx
- first build