summaryrefslogtreecommitdiff
path: root/sys-apps/tcp-wrappers
diff options
context:
space:
mode:
Diffstat (limited to 'sys-apps/tcp-wrappers')
-rw-r--r--sys-apps/tcp-wrappers/Manifest9
-rw-r--r--sys-apps/tcp-wrappers/files/hosts.allow.example17
-rw-r--r--sys-apps/tcp-wrappers/files/tcp-wrappers-7.6-headers.patch295
-rw-r--r--sys-apps/tcp-wrappers/files/tcp-wrappers-7.6-redhat-bug11881.patch35
-rw-r--r--sys-apps/tcp-wrappers/metadata.xml14
-rw-r--r--sys-apps/tcp-wrappers/tcp-wrappers-7.6.22-r1.ebuild97
6 files changed, 467 insertions, 0 deletions
diff --git a/sys-apps/tcp-wrappers/Manifest b/sys-apps/tcp-wrappers/Manifest
new file mode 100644
index 000000000000..60f9d3a6e22e
--- /dev/null
+++ b/sys-apps/tcp-wrappers/Manifest
@@ -0,0 +1,9 @@
+AUX hosts.allow.example 585 SHA256 fbcdcedbdc985d8f0cc79e9a8752e69553b48aa38662321046cd4eae9f4d7e3b SHA512 63587dd4552b688dc5ed0adde3932e43e5287129315211498063f09e37c1f8beee0de60d7d4f69df7149bd500546a2fd59a6094d71f9c0be221426eae3cb869b WHIRLPOOL 449f28dad80a13497baa7d5d43cc99b8e7159b8e38dc7659947c9dd76ca2e8d7153de84a3706ec6658d94bb70d5b35554b72e9cf8f35bc8eaf27dacb8229cae9
+AUX tcp-wrappers-7.6-headers.patch 5419 SHA256 86d24cdf5d1c7f88d21b174988234d5024f506982e029e173c06cb5456c46bb0 SHA512 48cd3d8951ef0f0106c51f1a1de6116fe1f68bf49f321b956d4f9dac1b3f1b6c2964163deb3d1bb449a2ac672e471c4b216e0e616de4a2dad0665d767d13f786 WHIRLPOOL 721d65254fd0d39152e0ba1c860fba5bb8c08ab61d1c89a10e1da9ed274b41ba2734253e79e0c680fe72cdf720eba7243c7b7e6f33d383c074f078b2c64d923d
+AUX tcp-wrappers-7.6-redhat-bug11881.patch 956 SHA256 b8b3bbbe223d3496b25070d1fbc62d9a1424709e20d380b55390b13f03b46e03 SHA512 d530f788c3b40f5ec2836ba7c6e73df529869ef465b93fe2b2d8460dfcb5e9031e78c8e6a99c71d6262a05b82f25e694fdd717686198a87dfcb2c9b9d5a52ef4 WHIRLPOOL 05620832e55b9ef396601851d22e6fc1e60adb655340b1c1909c8138454b38338cba3bf9976d8458d157cc2ce8a3f30450efdf82943b885e325965b2d93697b7
+DIST tcp-wrappers_7.6.q-22.debian.tar.gz 41730 SHA256 0ff28337c5effe4f91e7ea43ddd65fc629c06922326f5ef2804f70943be64fb3 SHA512 cee45f265c34ec1c4e9e81d54be636dcd9702964f9cf5bb076f72d6772d2dbc638d2ef366560b51c24a216724807826bb3b7bf9d5d0f5c0923b71de7d0b002a8 WHIRLPOOL 4a22c083d3bfe18af020ea48663ab3eb5a77d613665bbeb935daffcce64641d66f5c32a88ef4e4dbf8b4edfe9d71bfc4e35601451d065c10806ea726430d2aa8
+DIST tcp_wrappers_7.6.tar.gz 99438 SHA256 9543d7adedf78a6de0b221ccbbd1952e08b5138717f4ade814039bb489a4315d SHA512 2d9d003791f8d00912a36ae00579e2b8dd7ad8a7bf8eae259659bcaf5365b150540ff6c93c91765872c76041579b7a02b6e3c64528fb7f8235680399ba1d9dac WHIRLPOOL e04861d03a49dd6d6d5cd9eba86732a40e79deff39d981a5e883bcfae4979c6e1c2a388eabd84691927b159e606a5649073473a717cb62c12cbd8546d75635bf
+EBUILD tcp-wrappers-7.6.22-r1.ebuild 2646 SHA256 a7714fc579e20b6930cdaf028e71dba05f9e13d9d5c2b7c1b645d50fd698bfbb SHA512 14ee69fbebc7a93bd887284f110d67c33f6079f91d41b9e6b9819f758d73875c300c557378dc1f3146b736730de843be7cc94b7534bf34f5ad81bd23ef828115 WHIRLPOOL 828a664a6491193e2e485a9cf362048f08c17f1629bf0f3490bc80542e84bb6065f395d6a1ecbd115c1c52412c0e9591e222a036e9bd3cc26a2c2887fb96bb9f
+MISC ChangeLog 3067 SHA256 29e51eb852a26eb44c578a64eeca54b77cb3fade2db4b691704f20aba5084201 SHA512 824c6ed9803ed18b28ba05cec26b4b68d83526dbc0e8c278f783322e29dcd41ed61a2b0ef4b28831b233a67a8c00821fb2a77d9469c18f9a54a38c233ff82615 WHIRLPOOL c6b2ea7b936ac2308bcdfb63c62620d6e9e0432785983e7c6b4f318abe77687a95606cb1c2ff3e6348ac7c54338faccb44e6fdf859911e9beb9e3034555410d0
+MISC ChangeLog-2015 9465 SHA256 43739e3b74da006f224d644eeae490246e8528d333eb7345b4c7e11895dca00e SHA512 008ca06bccff5dcb4be6e4fc9383827dcc84bacd481da55d4eabf3e0d540389c8e2a9e0e02b2450532714637638742e5b6c0379e9c48d12416324ca9df35bd11 WHIRLPOOL c4d079b7bea29393935c9365c47d631bb74d2e728eaa691061395b3b259749ef223f25a1f4b847ec5638652bc2761a04ef319e52d21ff54230468ff45a66e78f
+MISC metadata.xml 440 SHA256 7cf7feea8b3221313ae2b674c64fa6bbf24cac03d83c120f22d2d4ba996c8bf9 SHA512 3075ada2500265fa53064720159a33779d79c46e4244a5cc6624d0c2de81dcacf62f89232162182bf29477c36025f4b3f4618d9ae3f592ebd714a658425428a5 WHIRLPOOL 9b7be91e1cd0f47d2ea6045ca653c1de5c23503342ec3cbf28e55fe9e8cad629277fafb9cbc77ea8fdbfcd320047067b773b9596682b485635ac6a4136305e4f
diff --git a/sys-apps/tcp-wrappers/files/hosts.allow.example b/sys-apps/tcp-wrappers/files/hosts.allow.example
new file mode 100644
index 000000000000..c473eb95155e
--- /dev/null
+++ b/sys-apps/tcp-wrappers/files/hosts.allow.example
@@ -0,0 +1,17 @@
+# For more information, please see the hosts.allow(5) manpage
+
+# Rule format:
+# daemon : client list
+# The value for 'daemon' is determined by the name of the binary.
+# OpenSSH runs as 'sshd' so you would use 'sshd' for 'daemon'.
+# Client list can be a list of ip's or hostnames.
+
+# Allow only sshd connections from ips matching 192.168.0.*
+#sshd: 192.168.0.
+
+# Only allow sendmail connections from the localhost
+#sendmail: localhost
+
+# Allow everyone from foobar.edu to access everything except for
+# the terminalserver
+#ALL: .foobar.edu EXCEPT terminalserver.foobar.edu
diff --git a/sys-apps/tcp-wrappers/files/tcp-wrappers-7.6-headers.patch b/sys-apps/tcp-wrappers/files/tcp-wrappers-7.6-headers.patch
new file mode 100644
index 000000000000..328a4a102618
--- /dev/null
+++ b/sys-apps/tcp-wrappers/files/tcp-wrappers-7.6-headers.patch
@@ -0,0 +1,295 @@
+--- a/options.c
++++ b/options.c
+@@ -34,6 +34,8 @@
+
+ /* System libraries. */
+
++#include <unistd.h>
++#include <stdlib.h>
+ #include <sys/types.h>
+ #include <sys/param.h>
+ #include <sys/socket.h>
+--- a/safe_finger.c
++++ b/safe_finger.c
+@@ -20,6 +20,11 @@
+
+ /* System libraries */
+
++#include <unistd.h>
++#include <fcntl.h>
++#include <stdlib.h>
++#include <sys/wait.h>
++#include <grp.h>
+ #include <sys/types.h>
+ #include <sys/stat.h>
+ #include <signal.h>
+@@ -27,7 +31,7 @@
+ #include <ctype.h>
+ #include <pwd.h>
+
+-extern void exit();
++int pipe_stdin(char **argv);
+
+ /* Local stuff */
+
+--- a/scaffold.c
++++ b/scaffold.c
+@@ -10,6 +10,7 @@
+
+ /* System libraries. */
+
++#include <stdlib.h>
+ #include <sys/types.h>
+ #include <sys/stat.h>
+ #include <sys/socket.h>
+@@ -27,7 +27,4 @@
+ #endif
+
+-#ifndef INET6
+-extern char *malloc();
+-#endif
+
+ /* Application-specific. */
+--- a/shell_cmd.c
++++ b/shell_cmd.c
+@@ -14,6 +14,10 @@
+
+ /* System libraries. */
+
++#include <unistd.h>
++#include <stdlib.h>
++#include <fcntl.h>
++#include <sys/wait.h>
+ #include <sys/types.h>
+ #include <sys/param.h>
+ #include <signal.h>
+@@ -25,8 +25,6 @@
+ #include <syslog.h>
+ #include <string.h>
+
+-extern void exit();
+-
+ /* Local stuff. */
+
+ #include "tcpd.h"
+--- a/tcpdchk.c
++++ b/tcpdchk.c
+@@ -20,6 +20,8 @@
+
+ /* System libraries. */
+
++#include <unistd.h>
++#include <stdlib.h>
+ #include <sys/types.h>
+ #include <sys/stat.h>
+ #ifdef INET6
+@@ -35,10 +36,7 @@
+ #include <netdb.h>
+ #include <string.h>
+
+-extern int errno;
+-extern void exit();
+-extern int optind;
+-extern char *optarg;
++int cidr_mask_addr(char *str);
+
+ #ifndef INADDR_NONE
+ #define INADDR_NONE (-1) /* XXX should be 0xffffffff */
+--- a/clean_exit.c
++++ b/clean_exit.c
+@@ -13,8 +13,8 @@
+ #endif
+
+ #include <stdio.h>
+-
+-extern void exit();
++#include <unistd.h>
++#include <stdlib.h>
+
+ #include "tcpd.h"
+
+--- a/hosts_access.c
++++ b/hosts_access.c
+@@ -23,6 +23,7 @@
+
+ /* System libraries. */
+
++#include <stdlib.h>
+ #include <sys/types.h>
+ #ifdef INT32_T
+ typedef uint32_t u_int32_t;
+@@ -43,8 +44,8 @@
+ #include <netdb.h>
+ #endif
+
+-extern char *fgets();
+-extern int errno;
++static int match_pattern_ylo(const char *s, const char *pattern);
++int cidr_mask_addr(char *str);
+
+ #ifndef INADDR_NONE
+ #define INADDR_NONE (-1) /* XXX should be 0xffffffff */
+--- a/inetcf.c
++++ b/inetcf.c
+@@ -9,15 +9,14 @@
+ static char sccsid[] = "@(#) inetcf.c 1.7 97/02/12 02:13:23";
+ #endif
+
++#include <stdlib.h>
+ #include <sys/types.h>
+ #include <sys/stat.h>
+ #include <stdio.h>
+ #include <errno.h>
+ #include <string.h>
+
+-extern int errno;
+-extern void exit();
+-
++#include "scaffold.h"
+ #include "tcpd.h"
+ #include "inetcf.h"
+
+--- a/percent_x.c
++++ b/percent_x.c
+@@ -16,12 +16,12 @@
+
+ /* System libraries. */
+
++#include <unistd.h>
++#include <stdlib.h>
+ #include <stdio.h>
+ #include <syslog.h>
+ #include <string.h>
+
+-extern void exit();
+-
+ /* Local stuff. */
+
+ #include "tcpd.h"
+--- a/rfc931.c
++++ b/rfc931.c
+@@ -15,6 +15,7 @@
+
+ /* System libraries. */
+
++#include <unistd.h>
+ #include <stdio.h>
+ #include <syslog.h>
+ #include <sys/types.h>
+--- a/tcpd.c
++++ b/tcpd.c
+@@ -16,6 +16,7 @@
+
+ /* System libraries. */
+
++#include <unistd.h>
+ #include <sys/types.h>
+ #include <sys/param.h>
+ #include <sys/stat.h>
+@@ -39,6 +39,8 @@
+ #include "patchlevel.h"
+ #include "tcpd.h"
+
++void fix_options(struct request_info *request);
++
+ int allow_severity = SEVERITY; /* run-time adjustable */
+ int deny_severity = LOG_WARNING; /* ditto */
+
+--- a/tcpdmatch.c
++++ b/tcpdmatch.c
+@@ -19,6 +19,8 @@
+
+ /* System libraries. */
+
++#include <unistd.h>
++#include <stdlib.h>
+ #include <sys/types.h>
+ #include <sys/stat.h>
+ #include <sys/socket.h>
+@@ -30,9 +32,6 @@
+ #include <setjmp.h>
+ #include <string.h>
+
+-extern void exit();
+-extern int optind;
+-extern char *optarg;
+
+ #ifndef INADDR_NONE
+ #define INADDR_NONE (-1) /* XXX should be 0xffffffff */
+--- a/update.c
++++ b/update.c
+@@ -19,6 +19,7 @@
+
+ /* System libraries */
+
++#include <unistd.h>
+ #include <stdio.h>
+ #include <syslog.h>
+ #include <string.h>
+--- a/misc.c
++++ b/misc.c
+@@ -14,11 +14,10 @@
+ #include <arpa/inet.h>
+ #include <stdio.h>
+ #include <string.h>
++#include <stdlib.h>
+
+ #include "tcpd.h"
+
+-extern char *fgets();
+-
+ #ifndef INADDR_NONE
+ #define INADDR_NONE (-1) /* XXX should be 0xffffffff */
+ #endif
+--- a/fix_options.c
++++ b/fix_options.c
+@@ -32,6 +32,7 @@
+
+ /* fix_options - get rid of IP-level socket options */
+
++void
+ fix_options(request)
+ struct request_info *request;
+ {
+@@ -38,11 +38,8 @@
+ #ifdef IP_OPTIONS
+ unsigned char optbuf[BUFFER_SIZE / 3], *cp;
+ char lbuf[BUFFER_SIZE], *lp;
+-#ifdef __GLIBC__
+- size_t optsize = sizeof(optbuf), ipproto;
+-#else
+- int optsize = sizeof(optbuf), ipproto;
+-#endif
++ socklen_t optsize = sizeof(optbuf);
++ int ipproto;
+ struct protoent *ip;
+ int fd = request->fd;
+ unsigned int opt;
+--- a/socket.c
++++ b/socket.c
+@@ -95,11 +95,7 @@
+ static struct sockaddr_in client;
+ static struct sockaddr_in server;
+ #endif
+-#ifdef __GLIBC__
+- size_t len;
+-#else
+- int len;
+-#endif
++ socklen_t len;
+ char buf[BUFSIZ];
+ int fd = request->fd;
+
+@@ -430,11 +426,7 @@
+ #else
+ struct sockaddr_in sin;
+ #endif
+-#ifdef __GLIBC__
+- size_t size = sizeof(sin);
+-#else
+- int size = sizeof(sin);
+-#endif
++ socklen_t size;
+
+ /*
+ * Eat up the not-yet received datagram. Some systems insist on a
diff --git a/sys-apps/tcp-wrappers/files/tcp-wrappers-7.6-redhat-bug11881.patch b/sys-apps/tcp-wrappers/files/tcp-wrappers-7.6-redhat-bug11881.patch
new file mode 100644
index 000000000000..4a6847621c57
--- /dev/null
+++ b/sys-apps/tcp-wrappers/files/tcp-wrappers-7.6-redhat-bug11881.patch
@@ -0,0 +1,35 @@
+--- tcp_wrappers_7.6/tcpd.c.bug11881
++++ tcp_wrappers_7.6/tcpd.c
+@@ -60,10 +60,10 @@
+ */
+
+ if (argv[0][0] == '/') {
+- strcpy(path, argv[0]);
++ strncpy(path, argv[0], sizeof(path));
+ argv[0] = strrchr(argv[0], '/') + 1;
+ } else {
+- sprintf(path, "%s/%s", REAL_DAEMON_DIR, argv[0]);
++ snprintf(path, sizeof(path), "%s/%s", REAL_DAEMON_DIR, argv[0]);
+ }
+
+ /*
+--- tcp_wrappers_7.6/eval.c.bug11881
++++ tcp_wrappers_7.6/eval.c
+@@ -111,7 +111,7 @@
+ return (hostinfo);
+ #endif
+ if (STR_NE(eval_user(request), unknown)) {
+- sprintf(both, "%s@%s", request->user, hostinfo);
++ snprintf(both, sizeof(both), "%s@%s", request->user, hostinfo);
+ return (both);
+ } else {
+ return (hostinfo);
+@@ -128,7 +128,7 @@
+ char *daemon = eval_daemon(request);
+
+ if (STR_NE(host, unknown)) {
+- sprintf(both, "%s@%s", daemon, host);
++ snprintf(both, sizeof(both), "%s@%s", daemon, host);
+ return (both);
+ } else {
+ return (daemon);
diff --git a/sys-apps/tcp-wrappers/metadata.xml b/sys-apps/tcp-wrappers/metadata.xml
new file mode 100644
index 000000000000..aedbb1a2c097
--- /dev/null
+++ b/sys-apps/tcp-wrappers/metadata.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<maintainer type="project">
+ <email>base-system@gentoo.org</email>
+ <name>Gentoo Base System</name>
+</maintainer>
+<use>
+ <flag name="netgroups">
+ Support matching NIS (host) netgroup names via the @netgroup syntax
+ (if you don't know what this means, you most likely do not need it)
+ </flag>
+</use>
+</pkgmetadata>
diff --git a/sys-apps/tcp-wrappers/tcp-wrappers-7.6.22-r1.ebuild b/sys-apps/tcp-wrappers/tcp-wrappers-7.6.22-r1.ebuild
new file mode 100644
index 000000000000..041dd954900f
--- /dev/null
+++ b/sys-apps/tcp-wrappers/tcp-wrappers-7.6.22-r1.ebuild
@@ -0,0 +1,97 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="4"
+
+inherit eutils toolchain-funcs versionator flag-o-matic multilib-minimal
+
+MY_PV=$(get_version_component_range 1-2)
+DEB_PV=$(get_version_component_range 3)
+MY_P="${PN//-/_}_${MY_PV}"
+DESCRIPTION="TCP Wrappers"
+HOMEPAGE="ftp://ftp.porcupine.org/pub/security/index.html"
+SRC_URI="ftp://ftp.porcupine.org/pub/security/${MY_P}.tar.gz
+ mirror://debian/pool/main/t/${PN}/${PN}_${MY_PV}.q-${DEB_PV}.debian.tar.gz"
+
+LICENSE="tcp_wrappers_license"
+SLOT="0"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux"
+IUSE="ipv6 netgroups static-libs"
+
+RDEPEND="
+ abi_x86_32? (
+ !<=app-emulation/emul-linux-x86-baselibs-20131008-r4
+ !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+ )"
+
+S=${WORKDIR}/${MY_P}
+
+src_prepare() {
+ EPATCH_OPTS="-p1" \
+ epatch $(sed -e 's:^:../debian/patches/:' ../debian/patches/series)
+ epatch "${FILESDIR}"/${PN}-7.6-headers.patch
+ epatch "${FILESDIR}"/${PN}-7.6-redhat-bug11881.patch
+
+ multilib_copy_sources
+}
+
+temake() {
+ local mycppflags="-DHAVE_WEAKSYMS -DHAVE_STRERROR -DSYS_ERRLIST_DEFINED"
+ use ipv6 && mycppflags+=" -DINET6=1 -Dss_family=__ss_family -Dss_len=__ss_len"
+ emake \
+ REAL_DAEMON_DIR="${EPREFIX}"/usr/sbin \
+ TLI= VSYSLOG= PARANOID= BUGS= \
+ AUTH="-DALWAYS_RFC931" \
+ AUX_OBJ="weak_symbols.o" \
+ DOT="-DAPPEND_DOT" \
+ HOSTNAME="-DALWAYS_HOSTNAME" \
+ NETGROUP=$(usex netgroups -DNETGROUPS "") \
+ STYLE="-DPROCESS_OPTIONS" \
+ LIBS=$(usex netgroups -lnsl "") \
+ LIB=$(usex static-libs libwrap.a "") \
+ AR="$(tc-getAR)" ARFLAGS=rc \
+ CC="$(tc-getCC)" \
+ RANLIB="$(tc-getRANLIB)" \
+ COPTS="${CFLAGS} ${CPPFLAGS} ${mycppflags}" \
+ LDFLAGS="${LDFLAGS}" \
+ "$@" || die
+}
+
+multilib_src_configure() {
+ tc-export AR RANLIB
+ temake config-check
+}
+
+multilib_src_compile() {
+ temake all
+}
+
+multilib_src_install() {
+ into /usr
+ use static-libs && dolib.a libwrap.a
+ dolib.so shared/libwrap.so*
+
+ insinto /usr/include
+ doins tcpd.h
+
+ if multilib_is_native_abi; then
+ gen_usr_ldscript -a wrap
+ dosbin tcpd tcpdchk tcpdmatch safe_finger try-from
+ fi
+}
+
+multilib_src_install_all() {
+ doman *.[358]
+ dosym hosts_access.5 /usr/share/man/man5/hosts.allow.5
+ dosym hosts_access.5 /usr/share/man/man5/hosts.deny.5
+
+ insinto /etc
+ newins "${FILESDIR}"/hosts.allow.example hosts.allow
+
+ dodoc BLURB CHANGES DISCLAIMER README*
+}
+
+pkg_preinst() {
+ # don't clobber people with our default example config
+ [[ -e ${EROOT}/etc/hosts.allow ]] && cp -pP "${EROOT}"/etc/hosts.allow "${ED}"/etc/hosts.allow
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-12 17:11:10 +0000