diff --git a/.cvsignore b/.cvsignore
index e69de29..59e6073 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -0,0 +1 @@
+tcp_wrappers_7.6.tar.gz
diff --git a/sources b/sources
index e69de29..7c11142 100644
--- a/sources
+++ b/sources
@@ -0,0 +1 @@
+e6fa25f71226d090f34de3f6b122fb5a tcp_wrappers_7.6.tar.gz
diff --git a/tcp_wrappers-7.6-bug11881.patch b/tcp_wrappers-7.6-bug11881.patch
new file mode 100644
index 0000000..0c869b4
--- /dev/null
+++ b/tcp_wrappers-7.6-bug11881.patch
@@ -0,0 +1,35 @@
+--- tcp_wrappers_7.6/tcpd.c.bug11881 Thu Jul 27 15:39:27 2000
++++ tcp_wrappers_7.6/tcpd.c Thu Jul 27 15:41:54 2000
+@@ -60,10 +60,10 @@
+ */
+
+ if (argv[0][0] == '/') {
+- strcpy(path, argv[0]);
++ strncpy(path, argv[0], sizeof(path));
+ argv[0] = strrchr(argv[0], '/') + 1;
+ } else {
+- sprintf(path, "%s/%s", REAL_DAEMON_DIR, argv[0]);
++ snprintf(path, sizeof(path), "%s/%s", REAL_DAEMON_DIR, argv[0]);
+ }
+
+ /*
+--- tcp_wrappers_7.6/eval.c.bug11881 Thu Jul 27 15:39:53 2000
++++ tcp_wrappers_7.6/eval.c Thu Jul 27 15:40:51 2000
+@@ -111,7 +111,7 @@
+ return (hostinfo);
+ #endif
+ if (STR_NE(eval_user(request), unknown)) {
+- sprintf(both, "%s@%s", request->user, hostinfo);
++ snprintf(both, sizeof(both), "%s@%s", request->user, hostinfo);
+ return (both);
+ } else {
+ return (hostinfo);
+@@ -128,7 +128,7 @@
+ char *daemon = eval_daemon(request);
+
+ if (STR_NE(host, unknown)) {
+- sprintf(both, "%s@%s", daemon, host);
++ snprintf(both, sizeof(both), "%s@%s", daemon, host);
+ return (both);
+ } else {
+ return (daemon);
diff --git a/tcp_wrappers.spec b/tcp_wrappers.spec
new file mode 100644
index 0000000..0bdd3e5
--- /dev/null
+++ b/tcp_wrappers.spec
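Review bot: In the tcpd.c hunk, `strncpy(path, argv[0], sizeof(path));` leaves `path` without a terminating NUL whenever `argv[0]` is `sizeof(path)` bytes or longer, so the overflow is traded for an unterminated buffer that any later string use would read past. Copy one byte less and terminate explicitly, `strncpy(path, argv[0], sizeof(path) - 1); path[sizeof(path) - 1] = '\0';`, or use `snprintf(path, sizeof(path), "%s", argv[0]);` to match the else branch. None of the three `snprintf` calls (one in tcpd.c, two in eval.c) checks its return value, so an over-long daemon path or `user@host` string is silently truncated; presumably `path` is later executed and `both` is matched against access rules, in which case truncation should be rejected rather than ignored. The enclosing functions start and end outside the hunks, so the declarations and later uses of `path` and `both` are not visible here.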
@@ -0,0 +1,123 @@
+Summary: A security tool which acts as a wrapper for TCP daemons.
+Name: tcp_wrappers
+Version: 7.6
+Release: 15
+Copyright: Distributable
+Group: System Environment/Daemons
+Source: ftp://coast.cs.purdue.edu/pub/tools/unix/tcp_wrappers/tcp_wrappers_7.6.tar.gz
+Patch: tcpw7.2-config.patch
+Patch1: tcpw7.2-setenv.patch
+Patch2: tcpw7.6-netgroup.patch
+Patch3: tcp_wrappers-7.6-bug11881.patch
+BuildRoot: %{_tmppath}/%{name}-root
+
+%description
+The tcp_wrappers package provides small daemon programs which can
+monitor and filter incoming requests for systat, finger, FTP, telnet,
+rlogin, rsh, exec, tftp, talk and other network services.
+
+Install the tcp_wrappers program if you need a security tool for
+filtering incoming network services requests.
+
+%prep
+%setup -q -n tcp_wrappers_7.6
+%patch0 -p1 -b .config
+%patch1 -p1 -b .setenv
+%patch2 -p1 -b .netgroup
+%patch3 -p1 -b .bug11881
+
+%build
+%ifarch sparc sparc64 sparcv9
+RPM_OPT_FLAGS="$RPM_OPT_FLAGS -fPIC"
+export RPM_OPT_FLAGS
+%endif
+make linux
+
+%install
+rm -rf ${RPM_BUILD_ROOT}
+mkdir -p ${RPM_BUILD_ROOT}%{_includedir}
+mkdir -p ${RPM_BUILD_ROOT}%{_libdir}
+mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/man{3,5,8}
+mkdir -p ${RPM_BUILD_ROOT}%{_sbindir}
+
+cp hosts_access.3 ${RPM_BUILD_ROOT}%{_mandir}/man3
+cp hosts_access.5 hosts_options.5 ${RPM_BUILD_ROOT}%{_mandir}/man5
+cp tcpd.8 tcpdchk.8 tcpdmatch.8 ${RPM_BUILD_ROOT}%{_mandir}/man8
+ln -sf hosts_access.5 ${RPM_BUILD_ROOT}%{_mandir}/man5/hosts.allow.5
+ln -sf hosts_access.5 ${RPM_BUILD_ROOT}%{_mandir}/man5/hosts.deny.5
+cp libwrap.a ${RPM_BUILD_ROOT}%{_libdir}
+cp tcpd.h ${RPM_BUILD_ROOT}%{_includedir}
+install -m755 safe_finger ${RPM_BUILD_ROOT}%{_sbindir}
+install -m711 tcpd ${RPM_BUILD_ROOT}%{_sbindir}
+install -m755 try-from ${RPM_BUILD_ROOT}%{_sbindir}
+
+# XXX remove utilities that expect /etc/inetd.conf (#16059).
+#install -m755 tcpdchk ${RPM_BUILD_ROOT}%{_sbindir}
+#install -m755 tcpdmatch ${RPM_BUILD_ROOT}%{_sbindir}
+rm -f ${RPM_BUILD_ROOT}%{_mandir}/man8/tcpdmatch.*
+rm -f ${RPM_BUILD_ROOT}%{_mandir}/man8/tcpdchk.*
+
+%clean
+rm -rf ${RPM_BUILD_ROOT}
+
+%files
+%defattr(-,root,root)
+%doc BLURB CHANGES README* DISCLAIMER Banners.Makefile
+%{_mandir}/man[358]/*
+%{_includedir}/*
+%{_libdir}/*
+%{_sbindir}/*
+
+%changelog
+* Mon Aug 14 2000 Jeff Johnson
+- remove utilities that expect /etc/inetd.conf (#16059).
+
+* Thu Jul 27 2000 Jeff Johnson
+- security hardening (#11881).
+
+* Wed Jul 12 2000 Prospector
+- automatic rebuild
+
+* Tue Jun 6 2000 Jeff Johnson
+- FHS packaging.
+
+* Tue May 16 2000 Chris Evans
+- Make tcpd mode -rwx--x--x as a security hardening measure
+
+* Mon Feb 7 2000 Jeff Johnson
+- compress man pages.
+
+* Mon Aug 23 1999 Jeff Johnson
+- add netgroup support (#3940).
+
+* Wed May 26 1999 Jeff Johnson
+- compile on sparc with -fPIC.
+
+* Sun Mar 21 1999 Cristian Gafton
+- auto rebuild in the new build environment (release 7)
+
+* Wed Dec 30 1998 Cristian Gafton
+- build for glibc 2.1
+
+* Sat Aug 22 1998 Jeff Johnson
+- close setenv bug (problem #690)
+- spec file cleanup
+
+* Thu Jun 25 1998 Alan Cox
+- Erp where did the Dec 05 patch escape to
+
+* Thu May 07 1998 Prospector System
+- translations modified for de, fr, tr
+
+* Fri Dec 05 1997 Erik Troan
+- don't build setenv.o module -- it just breaks things
+
+* Wed Oct 29 1997 Marc Ewing
+- upgrade to 7.6
+
+* Thu Jul 17 1997 Erik Troan
+- built against glibc
+
+* Mon Mar 03 1997 Erik Troan
+- Upgraded to version 7.5
+- Uses a build root
diff --git a/tcpw7.2-config.patch b/tcpw7.2-config.patch
new file mode 100644
index 0000000..2dbcc39
--- /dev/null
+++ b/tcpw7.2-config.patch
@@ -0,0 +1,93 @@
+--- tcp_wrappers_7.4/Makefile.orig Mon Mar 25 13:22:25 1996
++++ tcp_wrappers_7.4/Makefile Fri Aug 9 17:31:01 1996
+@@ -43,7 +43,7 @@
+ #REAL_DAEMON_DIR=/usr/etc
+ #
+ # SysV.4 Solaris 2.x OSF AIX
+-#REAL_DAEMON_DIR=/usr/sbin
++REAL_DAEMON_DIR=/usr/sbin
+ #
+ # BSD 4.4
+ #REAL_DAEMON_DIR=/usr/libexec
+@@ -143,7 +143,7 @@
+ linux:
+ @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
+ LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o \
+- NETGROUP= TLI= EXTRA_CFLAGS="-DBROKEN_SO_LINGER" all
++ NETGROUP= TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER" all
+
+ # This is good for many SYSV+BSD hybrids with NIS, probably also for HP-UX 7.x.
+ hpux hpux8 hpux9:
+@@ -461,7 +461,7 @@
+ # Uncomment the next definition to turn on the language extensions
+ # (examples: allow, deny, banners, twist and spawn).
+ #
+-#STYLE = -DPROCESS_OPTIONS # Enable language extensions.
++STYLE = -DPROCESS_OPTIONS # Enable language extensions.
+
+ ################################################################
+ # Optional: Changing the default disposition of logfile records
+@@ -484,7 +484,8 @@
+ #
+ # The LOG_XXX names below are taken from the /usr/include/syslog.h file.
+
+-FACILITY= LOG_MAIL # LOG_MAIL is what most sendmail daemons use
++#FACILITY= LOG_MAIL # LOG_MAIL is what most sendmail daemons use
++FACILITY= LOG_AUTHPRIV # LOG_AUTHPRIV is more appropriate for RH 2.0
+
+ # The syslog priority at which successful connections are logged.
+
+@@ -500,7 +501,7 @@
+ # off by default because it causes problems on sites that don't use DNS
+ # and with Solaris < 2.4.
+ #
+-# DOT= -DAPPEND_DOT
++DOT= -DAPPEND_DOT
+
+ ##################################################
+ # Optional: Always attempt remote username lookups
+@@ -520,7 +521,7 @@
+ # still do selective username lookups as documented in the hosts_access.5
+ # and hosts_options.5 manual pages (`nroff -man' format).
+ #
+-#AUTH = -DALWAYS_RFC931
++AUTH = #-DALWAYS_RFC931
+ #
+ # The default username lookup timeout is 10 seconds. This may not be long
+ # enough for slow hosts or networks, but is enough to irritate PC users.
+@@ -579,7 +580,7 @@
+ # Paranoid mode implies hostname lookup. In order to disable hostname
+ # lookups altogether, see the next section.
+
+-PARANOID= -DPARANOID
++PARANOID= #-DPARANOID
+
+ ########################################
+ # Optional: turning off hostname lookups
+@@ -592,7 +593,7 @@
+ # In order to perform selective hostname lookups, disable paranoid
+ # mode (see previous section) and comment out the following definition.
+
+-HOSTNAME= -DALWAYS_HOSTNAME
++HOSTNAME= #-DALWAYS_HOSTNAME
+
+ #############################################
+ # Optional: Turning on host ADDRESS checking
+@@ -617,7 +618,7 @@
+ #
+ # Uncomment the following macro definition if your getsockopt() is OK.
+ #
+-# KILL_OPT= -DKILL_IP_OPTIONS
++KILL_OPT= -DKILL_IP_OPTIONS
+
+ ## End configuration options
+ ############################
+@@ -627,7 +628,7 @@
+ SHELL = /bin/sh
+ .c.o:; $(CC) $(CFLAGS) -c $*.c
+
+-CFLAGS = -O -DFACILITY=$(FACILITY) $(ACCESS) $(PARANOID) $(NETGROUP) \
++CFLAGS = -DFACILITY=$(FACILITY) $(ACCESS) $(PARANOID) $(NETGROUP) \
+ $(BUGS) $(SYSTYPE) $(AUTH) $(UMASK) \
+ -DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" $(STYLE) $(KILL_OPT) \
+ -DSEVERITY=$(SEVERITY) -DRFC931_TIMEOUT=$(RFC931_TIMEOUT) \
diff --git a/tcpw7.2-setenv.patch b/tcpw7.2-setenv.patch
new file mode 100644
index 0000000..3ec9068
--- /dev/null
+++ b/tcpw7.2-setenv.patch
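Review bot: The `@@ -579,7 +580,7 @@` and `@@ -592,7 +593,7 @@` hunks comment out `-DPARANOID` and `-DALWAYS_HOSTNAME` without recording that this changes the package's default policy: tcpd no longer refuses clients whose name and address lookups disagree unless an access rule asks for it. Administrators who relied on the upstream default need the `PARANOID` wildcard in hosts.deny to get that behaviour back, so say so next to the change, e.g. `# PARANOID off by default in this package: add "ALL: PARANOID" to hosts.deny to reject name/address mismatches`. A similar one-line comment would help in the `@@ -627,7 +628,7 @@` hunk, where `-O` is dropped from `CFLAGS` and optimisation now depends on `RPM_OPT_FLAGS` arriving through `EXTRA_CFLAGS` in the `linux` target.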
@@ -0,0 +1,11 @@
+--- tcp_wrappers_7.6/Makefile.old Thu Jun 25 22:54:24 1998
++++ tcp_wrappers_7.6/Makefile Thu Jun 25 22:54:50 1998
+@@ -143,7 +143,7 @@
+
+ linux:
+ @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
+- LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o \
++ LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ= \
+ NETGROUP= TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER" all
+
+ # This is good for many SYSV+BSD hybrids with NIS, probably also for HP-UX 7.x.
diff --git a/tcpw7.6-netgroup.patch b/tcpw7.6-netgroup.patch
new file mode 100644
index 0000000..b27c1e4
--- /dev/null
+++ b/tcpw7.6-netgroup.patch
@@ -0,0 +1,13 @@
+--- tcp_wrappers_7.6/Makefile.netgroup Mon Aug 23 17:24:17 1999
++++ tcp_wrappers_7.6/Makefile Mon Aug 23 17:25:22 1999
+@@ -143,8 +143,8 @@
+
+ linux:
+ @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
+- LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ= \
+- NETGROUP= TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER" all
++ LIBS="-lnsl" RANLIB=ranlib ARFLAGS=rv AUX_OBJ= \
++ NETGROUP="-DNETGROUP" TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER" all
+
+ # This is good for many SYSV+BSD hybrids with NIS, probably also for HP-UX 7.x.
+ hpux hpux8 hpux9 hpux10: