wok-next rev 20878
libwrap: fix build, finally :)
author | Aleksej Bobylev <al.bobylev@gmail.com> |
---|---|
date | Sat Jul 07 14:25:00 2018 +0300 (2018-07-07) |
parents | 67e8d6b33992 |
children | 642c924029f7 |
files | libwrap/receipt libwrap/stuff/hosts.allow libwrap/stuff/hosts.deny libwrap/stuff/patches/series libwrap/stuff/patches/tcp_wrappers-7.6-shared_lib_plus_plus-1.patch libwrap/stuff/slitaz.patch libwrap/stuff/tcp-wrappers-headers.patch libwrap/stuff/tcp-wrappers-redhat-bug11881.patch |
line diff
1.1 --- a/libwrap/receipt Fri Jul 06 14:18:54 2018 +0300 1.2 +++ b/libwrap/receipt Sat Jul 07 14:25:00 2018 +0300 1.3 @@ -1,51 +1,74 @@ 1.4 # SliTaz package receipt v2. 1.5 1.6 PACKAGE="libwrap" 1.7 -VERSION="7.6" 1.8 +VERSION="7.6.24" 1.9 CATEGORY="system-tools" 1.10 -SHORT_DESC="Wietse Venema's network logger" 1.11 +SHORT_DESC="Monitors and Controls incoming TCP connections" 1.12 MAINTAINER="erjo@slitaz.org" 1.13 LICENSE="BSD" 1.14 -SOURCE="tcp_wrappers" 1.15 -TARBALL="${SOURCE}_${VERSION}.tar.gz" 1.16 WEB_SITE="ftp://ftp.porcupine.org/pub/security/index.html" 1.17 + 1.18 +TARBALL="tcp_wrappers_${VERSION%.*}.tar.gz" 1.19 WGET_URL="ftp://ftp.porcupine.org/pub/security/$TARBALL" 1.20 1.21 +TARBALL2="tcp-wrappers_${VERSION%.*}.q-${VERSION##*.}.debian.tar.xz" 1.22 +WGET_URL2="http://http.debian.net/debian/pool/main/t/tcp-wrappers/$TARBALL2" 1.23 + 1.24 SPLIT="libwrap-dev tcpd" 1.25 1.26 -# Rules to configure and make the package. 1.27 -compile_rules() 1.28 -{ 1.29 - sed -i -e "s,^extern char \*malloc();,/* & */," scaffold.c 1.30 - 1.31 - make REAL_DAEMON_DIR=/usr/sbin STYLE=-DPROCESS_OPTIONS linux 1.32 +compile_rules() { 1.33 + [ -e "$SRC/$TARBALL2" ] || wget -P $SRC $WGET_URL2 1.34 + tar -xf $SRC/$TARBALL2 1.35 + 1.36 + for patch in $(cat debian/patches/series); do 1.37 + echo "Applying patch $patch" 1.38 + patch -Np1 -i debian/patches/$patch | sed 's|^| |' 1.39 + done 1.40 + for patch in tcp-wrappers-headers.patch tcp-wrappers-redhat-bug11881.patch \ 1.41 + slitaz.patch; do 1.42 + echo "Applying patch $patch" 1.43 + patch -Np1 -i $stuff/$patch | sed 's|^| |' 1.44 + done 1.45 + echo 1.46 + 1.47 + make \ 1.48 + COPTS="$CFLAGS" \ 1.49 + LDOPTS="$LDFLAGS" \ 1.50 + REAL_DAEMON_DIR='/usr/bin' \ 1.51 + STYLE='-DPROCESS_OPTIONS' \ 1.52 + linux || return 1 1.53 + 1.54 + # === install === 1.55 + # dirs 1.56 + install -d $install/etc/ $install/usr/include/ $install/usr/bin/ $install/usr/lib/ 1.57 + # bins 1.58 + install -m755 safe_finger tcpd tcpdchk tcpdmatch try-from -t $install/usr/bin/ 1.59 + # libs 1.60 + install -m755 shared/libwrap.so.0.${VERSION%.*} -t $install/usr/lib/ 1.61 + ln -s libwrap.so.0.${VERSION%.*} $install/usr/lib/libwrap.so.0 1.62 + ln -s libwrap.so.0 $install/usr/lib/libwrap.so 1.63 + # headers 1.64 + install -m644 tcpd.h -t $install/usr/include/ 1.65 + # configs 1.66 + install -m644 $stuff/hosts.* -t $install/etc/ 1.67 + # mans & docs 1.68 + cook_pick_manpages *.3 *.5 *.8 1.69 + cook_pick_docs README 1.70 } 1.71 1.72 -# Rules to gen a SliTaz package suitable for Tazpkg. 1.73 -genpkg_rules() 1.74 -{ 1.75 +genpkg_rules() { 1.76 case $PACKAGE in 1.77 - libwrap) 1.78 - mkdir -p $fs/usr/lib 1.79 - cp -a $src/shared/*.so* $fs/usr/lib 1.80 - ;; 1.81 - libwrap-dev) 1.82 - mkdir -p $fs/usr/include $fs/usr/lib 1.83 - cp -a $src/tcpd.h $fs/usr/include 1.84 - cp -a $src/*.a $fs/usr/lib 1.85 - ;; 1.86 - tcpd) 1.87 - CAT="development|network encapsulation files" 1.88 - CONFIG_FILES="/etc/hosts.allow /etc/hosts.deny" 1.89 - DEPENDS="libwrap" 1.90 - mkdir -p $fs/usr/sbin $fs/etc 1.91 - cp -a $src/tcpd $fs/usr/sbin 1.92 - cp -a $src/tcpdchk $fs/usr/sbin 1.93 - cp -a $src/tcpdmatch $fs/usr/sbin 1.94 - cp -a $src/try-from $fs/usr/sbin 1.95 - cp -a $src/safe_finger $fs/usr/sbin 1.96 - echo "ALL : 127.0.0.1, 192.168." > $fs/etc/hosts.allow 1.97 - touch $fs/etc/hosts.deny 1.98 - ;; 1.99 + libwrap) 1.100 + copy *.so* 1.101 + ;; 1.102 + *-dev) 1.103 + copy @dev 1.104 + ;; 1.105 + tcpd) 1.106 + copy @std @rm 1.107 + CAT="development|network encapsulation files" 1.108 + CONFIG_FILES="/etc/hosts.allow /etc/hosts.deny" 1.109 + DEPENDS="libwrap" 1.110 + ;; 1.111 esac 1.112 }
2.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 2.2 +++ b/libwrap/stuff/hosts.allow Sat Jul 07 14:25:00 2018 +0300 2.3 @@ -0,0 +1,7 @@ 2.4 +# 2.5 +# /etc/hosts.allow 2.6 +# 2.7 + 2.8 +ALL : 127.0.0.1, 192.268. 2.9 + 2.10 +# End of file
3.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 3.2 +++ b/libwrap/stuff/hosts.deny Sat Jul 07 14:25:00 2018 +0300 3.3 @@ -0,0 +1,7 @@ 3.4 +# 3.5 +# /etc/hosts.deny 3.6 +# 3.7 + 3.8 +ALL: ALL 3.9 + 3.10 +# End of file
4.1 --- a/libwrap/stuff/patches/series Fri Jul 06 14:18:54 2018 +0300 4.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 4.3 @@ -1,2 +0,0 @@ 4.4 -# Patch from Linux From Scratch 4.5 --p1|tcp_wrappers-7.6-shared_lib_plus_plus-1.patch
5.1 --- a/libwrap/stuff/patches/tcp_wrappers-7.6-shared_lib_plus_plus-1.patch Fri Jul 06 14:18:54 2018 +0300 5.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 5.3 @@ -1,1035 +0,0 @@ 5.4 -Submitted By: Tushar Teredesai <tushar@linuxfromscratch.org> 5.5 -Date: 2003-10-04 5.6 -Initial Package Version: 7.6 5.7 -Origin: http://archives.linuxfromscratch.org/mail-archives/blfs-dev/2003-January/001960.html 5.8 -Description: The patch was created from the tcp_wrappers modified package by Mark Heerdink. 5.9 -This patch provides the following improvements: 5.10 - * Install libwrap.so along with libwrap.a. 5.11 - * Create an install target for tcp_wrappers. 5.12 - * Compilation and security fixes. 5.13 - * Documentation fixes. 5.14 -diff -Naur tcp_wrappers_7.6/Makefile tcp_wrappers_7.6.gimli/Makefile 5.15 ---- tcp_wrappers_7.6/Makefile 1997-03-21 12:27:21.000000000 -0600 5.16 -+++ tcp_wrappers_7.6.gimli/Makefile 2002-07-15 16:07:21.000000000 -0500 5.17 -@@ -1,5 +1,10 @@ 5.18 -+GLIBC=$(shell grep -s -c __GLIBC__ /usr/include/features.h) 5.19 -+ 5.20 - # @(#) Makefile 1.23 97/03/21 19:27:20 5.21 - 5.22 -+# unset the HOSTNAME environment variable 5.23 -+HOSTNAME = 5.24 -+ 5.25 - what: 5.26 - @echo 5.27 - @echo "Usage: edit the REAL_DAEMON_DIR definition in the Makefile then:" 5.28 -@@ -19,7 +24,7 @@ 5.29 - @echo " generic (most bsd-ish systems with sys5 compatibility)" 5.30 - @echo " 386bsd aix alpha apollo bsdos convex-ultranet dell-gcc dgux dgux543" 5.31 - @echo " dynix epix esix freebsd hpux irix4 irix5 irix6 isc iunix" 5.32 -- @echo " linux machten mips(untested) ncrsvr4 netbsd next osf power_unix_211" 5.33 -+ @echo " linux gnu machten mips(untested) ncrsvr4 netbsd next osf power_unix_211" 5.34 - @echo " ptx-2.x ptx-generic pyramid sco sco-nis sco-od2 sco-os5 sinix sunos4" 5.35 - @echo " sunos40 sunos5 sysv4 tandem ultrix unicos7 unicos8 unixware1 unixware2" 5.36 - @echo " uts215 uxp" 5.37 -@@ -43,8 +48,8 @@ 5.38 - # Ultrix 4.x SunOS 4.x ConvexOS 10.x Dynix/ptx 5.39 - #REAL_DAEMON_DIR=/usr/etc 5.40 - # 5.41 --# SysV.4 Solaris 2.x OSF AIX 5.42 --#REAL_DAEMON_DIR=/usr/sbin 5.43 -+# SysV.4 Solaris 2.x OSF AIX Linux 5.44 -+REAL_DAEMON_DIR=/usr/sbin 5.45 - # 5.46 - # BSD 4.4 5.47 - #REAL_DAEMON_DIR=/usr/libexec 5.48 -@@ -141,10 +146,21 @@ 5.49 - LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ= NETGROUP= TLI= \ 5.50 - EXTRA_CFLAGS=-DSYS_ERRLIST_DEFINED VSYSLOG= all 5.51 - 5.52 -+ifneq ($(GLIBC),0) 5.53 -+MYLIB=-lnsl 5.54 -+endif 5.55 -+ 5.56 - linux: 5.57 - @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ 5.58 -- LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o \ 5.59 -- NETGROUP= TLI= EXTRA_CFLAGS="-DBROKEN_SO_LINGER" all 5.60 -+ LIBS=$(MYLIB) RANLIB=ranlib ARFLAGS=rv AUX_OBJ=weak_symbols.o \ 5.61 -+ NETGROUP=-DNETGROUP TLI= VSYSLOG= BUGS= all \ 5.62 -+ EXTRA_CFLAGS="-DSYS_ERRLIST_DEFINED -DHAVE_WEAKSYMS -D_REENTRANT" 5.63 -+ 5.64 -+gnu: 5.65 -+ @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ 5.66 -+ LIBS=$(MYLIB) RANLIB=ranlib ARFLAGS=rv AUX_OBJ=weak_symbols.o \ 5.67 -+ NETGROUP=-DNETGROUP TLI= VSYSLOG= BUGS= all \ 5.68 -+ EXTRA_CFLAGS="-DHAVE_STRERROR -DHAVE_WEAKSYMS -D_REENTRANT" 5.69 - 5.70 - # This is good for many SYSV+BSD hybrids with NIS, probably also for HP-UX 7.x. 5.71 - hpux hpux8 hpux9 hpux10: 5.72 -@@ -391,7 +407,7 @@ 5.73 - # the ones provided with this source distribution. The environ.c module 5.74 - # implements setenv(), getenv(), and putenv(). 5.75 - 5.76 --AUX_OBJ= setenv.o 5.77 -+#AUX_OBJ= setenv.o 5.78 - #AUX_OBJ= environ.o 5.79 - #AUX_OBJ= environ.o strcasecmp.o 5.80 - 5.81 -@@ -454,7 +470,8 @@ 5.82 - # host name aliases. Compile with -DSOLARIS_24_GETHOSTBYNAME_BUG to work 5.83 - # around this. The workaround does no harm on other Solaris versions. 5.84 - 5.85 --BUGS = -DGETPEERNAME_BUG -DBROKEN_FGETS -DLIBC_CALLS_STRTOK 5.86 -+BUGS = 5.87 -+#BUGS = -DGETPEERNAME_BUG -DBROKEN_FGETS -DLIBC_CALLS_STRTOK 5.88 - #BUGS = -DGETPEERNAME_BUG -DBROKEN_FGETS -DINET_ADDR_BUG 5.89 - #BUGS = -DGETPEERNAME_BUG -DBROKEN_FGETS -DSOLARIS_24_GETHOSTBYNAME_BUG 5.90 - 5.91 -@@ -464,7 +481,7 @@ 5.92 - # If your system supports NIS or YP-style netgroups, enable the following 5.93 - # macro definition. Netgroups are used only for host access control. 5.94 - # 5.95 --#NETGROUP= -DNETGROUP 5.96 -+NETGROUP= -DNETGROUP 5.97 - 5.98 - ############################################################### 5.99 - # System dependencies: whether or not your system has vsyslog() 5.100 -@@ -491,7 +508,7 @@ 5.101 - # Uncomment the next definition to turn on the language extensions 5.102 - # (examples: allow, deny, banners, twist and spawn). 5.103 - # 5.104 --#STYLE = -DPROCESS_OPTIONS # Enable language extensions. 5.105 -+STYLE = -DPROCESS_OPTIONS # Enable language extensions. 5.106 - 5.107 - ################################################################ 5.108 - # Optional: Changing the default disposition of logfile records 5.109 -@@ -514,7 +531,7 @@ 5.110 - # 5.111 - # The LOG_XXX names below are taken from the /usr/include/syslog.h file. 5.112 - 5.113 --FACILITY= LOG_MAIL # LOG_MAIL is what most sendmail daemons use 5.114 -+FACILITY= LOG_DAEMON # LOG_MAIL is what most sendmail daemons use 5.115 - 5.116 - # The syslog priority at which successful connections are logged. 5.117 - 5.118 -@@ -610,7 +627,7 @@ 5.119 - # Paranoid mode implies hostname lookup. In order to disable hostname 5.120 - # lookups altogether, see the next section. 5.121 - 5.122 --PARANOID= -DPARANOID 5.123 -+#PARANOID= -DPARANOID 5.124 - 5.125 - ######################################## 5.126 - # Optional: turning off hostname lookups 5.127 -@@ -623,7 +640,7 @@ 5.128 - # In order to perform selective hostname lookups, disable paranoid 5.129 - # mode (see previous section) and comment out the following definition. 5.130 - 5.131 --HOSTNAME= -DALWAYS_HOSTNAME 5.132 -+#HOSTNAME= -DALWAYS_HOSTNAME 5.133 - 5.134 - ############################################# 5.135 - # Optional: Turning on host ADDRESS checking 5.136 -@@ -649,28 +666,46 @@ 5.137 - # source-routed traffic in the kernel. Examples: 4.4BSD derivatives, 5.138 - # Solaris 2.x, and Linux. See your system documentation for details. 5.139 - # 5.140 --# KILL_OPT= -DKILL_IP_OPTIONS 5.141 -+KILL_OPT= -DKILL_IP_OPTIONS 5.142 - 5.143 - ## End configuration options 5.144 - ############################ 5.145 - 5.146 - # Protection against weird shells or weird make programs. 5.147 - 5.148 -+CC = gcc 5.149 - SHELL = /bin/sh 5.150 --.c.o:; $(CC) $(CFLAGS) -c $*.c 5.151 -+.c.o:; $(CC) $(CFLAGS) -o $*.o -c $*.c 5.152 -+ 5.153 -+SOMAJOR = 0 5.154 -+SOMINOR = 7.6 5.155 -+ 5.156 -+LIB = libwrap.a 5.157 -+SHLIB = shared/libwrap.so.$(SOMAJOR).$(SOMINOR) 5.158 -+SHLIBSOMAJ= shared/libwrap.so.$(SOMAJOR) 5.159 -+SHLIBSO = shared/libwrap.so 5.160 -+SHLIBFLAGS = -Lshared -lwrap 5.161 - 5.162 --CFLAGS = -O -DFACILITY=$(FACILITY) $(ACCESS) $(PARANOID) $(NETGROUP) \ 5.163 -+shared/%.o: %.c 5.164 -+ $(CC) $(CFLAGS) $(SHCFLAGS) -c $< -o $@ 5.165 -+ 5.166 -+CFLAGS = -O2 -DFACILITY=$(FACILITY) $(ACCESS) $(PARANOID) $(NETGROUP) \ 5.167 - $(BUGS) $(SYSTYPE) $(AUTH) $(UMASK) \ 5.168 - -DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" $(STYLE) $(KILL_OPT) \ 5.169 - -DSEVERITY=$(SEVERITY) -DRFC931_TIMEOUT=$(RFC931_TIMEOUT) \ 5.170 - $(UCHAR) $(TABLES) $(STRINGS) $(TLI) $(EXTRA_CFLAGS) $(DOT) \ 5.171 - $(VSYSLOG) $(HOSTNAME) 5.172 - 5.173 -+SHLINKFLAGS = -shared -Xlinker -soname -Xlinker libwrap.so.$(SOMAJOR) -lc $(LIBS) 5.174 -+SHCFLAGS = -fPIC -shared -D_REENTRANT 5.175 -+ 5.176 - LIB_OBJ= hosts_access.o options.o shell_cmd.o rfc931.o eval.o \ 5.177 - hosts_ctl.o refuse.o percent_x.o clean_exit.o $(AUX_OBJ) \ 5.178 - $(FROM_OBJ) fix_options.o socket.o tli.o workarounds.o \ 5.179 - update.o misc.o diag.o percent_m.o myvsyslog.o 5.180 - 5.181 -+SHLIB_OBJ= $(addprefix shared/, $(LIB_OBJ)); 5.182 -+ 5.183 - FROM_OBJ= fromhost.o 5.184 - 5.185 - KIT = README miscd.c tcpd.c fromhost.c hosts_access.c shell_cmd.c \ 5.186 -@@ -684,46 +719,80 @@ 5.187 - refuse.c tcpdchk.8 setenv.c inetcf.c inetcf.h scaffold.c \ 5.188 - scaffold.h tcpdmatch.8 README.NIS 5.189 - 5.190 --LIB = libwrap.a 5.191 -- 5.192 --all other: config-check tcpd tcpdmatch try-from safe_finger tcpdchk 5.193 -+all other: config-check tcpd tcpdmatch try-from safe_finger tcpdchk $(LIB) 5.194 - 5.195 - # Invalidate all object files when the compiler options (CFLAGS) have changed. 5.196 - 5.197 - config-check: 5.198 - @set +e; test -n "$(REAL_DAEMON_DIR)" || { make; exit 1; } 5.199 -- @set +e; echo $(CFLAGS) >/tmp/cflags.$$$$ ; \ 5.200 -- if cmp cflags /tmp/cflags.$$$$ ; \ 5.201 -- then rm /tmp/cflags.$$$$ ; \ 5.202 -- else mv /tmp/cflags.$$$$ cflags ; \ 5.203 -+ @set +e; echo $(CFLAGS) >cflags.new ; \ 5.204 -+ if cmp cflags cflags.new ; \ 5.205 -+ then rm cflags.new ; \ 5.206 -+ else mv cflags.new cflags ; \ 5.207 - fi >/dev/null 2>/dev/null 5.208 -+ @if [ ! -d shared ]; then mkdir shared; fi 5.209 - 5.210 - $(LIB): $(LIB_OBJ) 5.211 - rm -f $(LIB) 5.212 - $(AR) $(ARFLAGS) $(LIB) $(LIB_OBJ) 5.213 - -$(RANLIB) $(LIB) 5.214 - 5.215 --tcpd: tcpd.o $(LIB) 5.216 -- $(CC) $(CFLAGS) -o $@ tcpd.o $(LIB) $(LIBS) 5.217 -+$(SHLIB): $(SHLIB_OBJ) 5.218 -+ rm -f $(SHLIB) 5.219 -+ $(CC) -o $(SHLIB) $(SHLINKFLAGS) $(SHLIB_OBJ) 5.220 -+ ln -s $(notdir $(SHLIB)) $(SHLIBSOMAJ) 5.221 -+ ln -s $(notdir $(SHLIBSOMAJ)) $(SHLIBSO) 5.222 -+ 5.223 -+tcpd: tcpd.o $(SHLIB) 5.224 -+ $(CC) $(CFLAGS) -o $@ tcpd.o $(SHLIBFLAGS) 5.225 - 5.226 --miscd: miscd.o $(LIB) 5.227 -- $(CC) $(CFLAGS) -o $@ miscd.o $(LIB) $(LIBS) 5.228 -+miscd: miscd.o $(SHLIB) 5.229 -+ $(CC) $(CFLAGS) -o $@ miscd.o $(SHLIBFLAGS) 5.230 - 5.231 --safe_finger: safe_finger.o $(LIB) 5.232 -- $(CC) $(CFLAGS) -o $@ safe_finger.o $(LIB) $(LIBS) 5.233 -+safe_finger: safe_finger.o $(SHLIB) 5.234 -+ $(CC) $(CFLAGS) -o $@ safe_finger.o $(SHLIBFLAGS) 5.235 - 5.236 - TCPDMATCH_OBJ = tcpdmatch.o fakelog.o inetcf.o scaffold.o 5.237 - 5.238 --tcpdmatch: $(TCPDMATCH_OBJ) $(LIB) 5.239 -- $(CC) $(CFLAGS) -o $@ $(TCPDMATCH_OBJ) $(LIB) $(LIBS) 5.240 -+tcpdmatch: $(TCPDMATCH_OBJ) $(SHLIB) 5.241 -+ $(CC) $(CFLAGS) -o $@ $(TCPDMATCH_OBJ) $(SHLIBFLAGS) 5.242 - 5.243 --try-from: try-from.o fakelog.o $(LIB) 5.244 -- $(CC) $(CFLAGS) -o $@ try-from.o fakelog.o $(LIB) $(LIBS) 5.245 -+try-from: try-from.o fakelog.o $(SHLIB) 5.246 -+ $(CC) $(CFLAGS) -o $@ try-from.o fakelog.o $(SHLIBFLAGS) 5.247 - 5.248 - TCPDCHK_OBJ = tcpdchk.o fakelog.o inetcf.o scaffold.o 5.249 - 5.250 --tcpdchk: $(TCPDCHK_OBJ) $(LIB) 5.251 -- $(CC) $(CFLAGS) -o $@ $(TCPDCHK_OBJ) $(LIB) $(LIBS) 5.252 -+tcpdchk: $(TCPDCHK_OBJ) $(SHLIB) 5.253 -+ $(CC) $(CFLAGS) -o $@ $(TCPDCHK_OBJ) $(SHLIBFLAGS) 5.254 -+ 5.255 -+install: install-lib install-bin install-dev 5.256 -+ 5.257 -+install-lib: 5.258 -+ install -o root -g root -m 0755 $(SHLIB) ${DESTDIR}/usr/lib/ 5.259 -+ ln -sf $(notdir $(SHLIB)) ${DESTDIR}/usr/lib/$(notdir $(SHLIBSOMAJ)) 5.260 -+ ln -sf $(notdir $(SHLIBSOMAJ)) ${DESTDIR}/usr/lib/$(notdir $(SHLIBSO)) 5.261 -+ 5.262 -+install-bin: 5.263 -+ install -o root -g root -m 0755 tcpd ${DESTDIR}/usr/sbin/ 5.264 -+ install -o root -g root -m 0755 tcpdchk ${DESTDIR}/usr/sbin/ 5.265 -+ install -o root -g root -m 0755 tcpdmatch ${DESTDIR}/usr/sbin/ 5.266 -+ install -o root -g root -m 0755 try-from ${DESTDIR}/usr/sbin/ 5.267 -+ install -o root -g root -m 0755 safe_finger ${DESTDIR}/usr/sbin/ 5.268 -+ install -o root -g root -m 0644 tcpd.8 ${DESTDIR}/usr/share/man/man8/ 5.269 -+ install -o root -g root -m 0644 tcpdchk.8 ${DESTDIR}/usr/share/man/man8/ 5.270 -+ install -o root -g root -m 0644 try-from.8 ${DESTDIR}/usr/share/man/man8/ 5.271 -+ install -o root -g root -m 0644 tcpdmatch.8 ${DESTDIR}/usr/share/man/man8/ 5.272 -+ install -o root -g root -m 0644 safe_finger.8 ${DESTDIR}/usr/share/man/man8/ 5.273 -+ install -o root -g root -m 0644 hosts_access.5 ${DESTDIR}/usr/share/man/man5/ 5.274 -+ install -o root -g root -m 0644 hosts_options.5 ${DESTDIR}/usr/share/man/man5/ 5.275 -+ 5.276 -+install-dev: 5.277 -+ install -o root -g root -m 0644 hosts_access.3 ${DESTDIR}/usr/share/man/man3/ 5.278 -+ install -o root -g root -m 0644 tcpd.h ${DESTDIR}/usr/include/ 5.279 -+ install -o root -g root -m 0644 $(LIB) ${DESTDIR}/usr/lib/ 5.280 -+ ln -sf hosts_access.3 ${DESTDIR}/usr/share/man/man3/hosts_ctl.3 5.281 -+ ln -sf hosts_access.3 ${DESTDIR}/usr/share/man/man3/request_init.3 5.282 -+ ln -sf hosts_access.3 ${DESTDIR}/usr/share/man/man3/request_set.3 5.283 - 5.284 - shar: $(KIT) 5.285 - @shar $(KIT) 5.286 -@@ -739,7 +808,8 @@ 5.287 - 5.288 - clean: 5.289 - rm -f tcpd miscd safe_finger tcpdmatch tcpdchk try-from *.[oa] core \ 5.290 -- cflags 5.291 -+ cflags libwrap*.so* 5.292 -+ rm -rf shared 5.293 - 5.294 - tidy: clean 5.295 - chmod -R a+r . 5.296 -@@ -885,5 +955,6 @@ 5.297 - update.o: mystdarg.h 5.298 - update.o: tcpd.h 5.299 - vfprintf.o: cflags 5.300 -+weak_symbols.o: tcpd.h 5.301 - workarounds.o: cflags 5.302 - workarounds.o: tcpd.h 5.303 -diff -Naur tcp_wrappers_7.6/fix_options.c tcp_wrappers_7.6.gimli/fix_options.c 5.304 ---- tcp_wrappers_7.6/fix_options.c 1997-04-07 19:29:19.000000000 -0500 5.305 -+++ tcp_wrappers_7.6.gimli/fix_options.c 2002-01-07 08:50:19.000000000 -0600 5.306 -@@ -35,7 +35,12 @@ 5.307 - #ifdef IP_OPTIONS 5.308 - unsigned char optbuf[BUFFER_SIZE / 3], *cp; 5.309 - char lbuf[BUFFER_SIZE], *lp; 5.310 -+#if !defined(__GLIBC__) 5.311 - int optsize = sizeof(optbuf), ipproto; 5.312 -+#else /* __GLIBC__ */ 5.313 -+ size_t optsize = sizeof(optbuf); 5.314 -+ int ipproto; 5.315 -+#endif /* __GLIBC__ */ 5.316 - struct protoent *ip; 5.317 - int fd = request->fd; 5.318 - unsigned int opt; 5.319 -diff -Naur tcp_wrappers_7.6/hosts_access.3 tcp_wrappers_7.6.gimli/hosts_access.3 5.320 ---- tcp_wrappers_7.6/hosts_access.3 1996-02-11 10:01:27.000000000 -0600 5.321 -+++ tcp_wrappers_7.6.gimli/hosts_access.3 2002-01-07 08:50:19.000000000 -0600 5.322 -@@ -3,7 +3,7 @@ 5.323 - hosts_access, hosts_ctl, request_init, request_set \- access control library 5.324 - .SH SYNOPSIS 5.325 - .nf 5.326 --#include "tcpd.h" 5.327 -+#include <tcpd.h> 5.328 - 5.329 - extern int allow_severity; 5.330 - extern int deny_severity; 5.331 -diff -Naur tcp_wrappers_7.6/hosts_access.5 tcp_wrappers_7.6.gimli/hosts_access.5 5.332 ---- tcp_wrappers_7.6/hosts_access.5 1995-01-30 12:51:47.000000000 -0600 5.333 -+++ tcp_wrappers_7.6.gimli/hosts_access.5 2002-01-07 08:50:19.000000000 -0600 5.334 -@@ -8,9 +8,9 @@ 5.335 - impatient reader is encouraged to skip to the EXAMPLES section for a 5.336 - quick introduction. 5.337 - .PP 5.338 --An extended version of the access control language is described in the 5.339 --\fIhosts_options\fR(5) document. The extensions are turned on at 5.340 --program build time by building with -DPROCESS_OPTIONS. 5.341 -+The extended version of the access control language is described in the 5.342 -+\fIhosts_options\fR(5) document. \fBNote that this language supersedes 5.343 -+the meaning of \fIshell_command\fB as documented below.\fR 5.344 - .PP 5.345 - In the following text, \fIdaemon\fR is the the process name of a 5.346 - network daemon process, and \fIclient\fR is the name and/or address of 5.347 -@@ -40,7 +40,7 @@ 5.348 - character. This permits you to break up long lines so that they are 5.349 - easier to edit. 5.350 - .IP \(bu 5.351 --Blank lines or lines that begin with a `#\' character are ignored. 5.352 -+Blank lines or lines that begin with a `#' character are ignored. 5.353 - This permits you to insert comments and whitespace so that the tables 5.354 - are easier to read. 5.355 - .IP \(bu 5.356 -@@ -69,26 +69,33 @@ 5.357 - .SH PATTERNS 5.358 - The access control language implements the following patterns: 5.359 - .IP \(bu 5.360 --A string that begins with a `.\' character. A host name is matched if 5.361 -+A string that begins with a `.' character. A host name is matched if 5.362 - the last components of its name match the specified pattern. For 5.363 --example, the pattern `.tue.nl\' matches the host name 5.364 --`wzv.win.tue.nl\'. 5.365 -+example, the pattern `.tue.nl' matches the host name 5.366 -+`wzv.win.tue.nl'. 5.367 - .IP \(bu 5.368 --A string that ends with a `.\' character. A host address is matched if 5.369 -+A string that ends with a `.' character. A host address is matched if 5.370 - its first numeric fields match the given string. For example, the 5.371 --pattern `131.155.\' matches the address of (almost) every host on the 5.372 -+pattern `131.155.' matches the address of (almost) every host on the 5.373 - Eind\%hoven University network (131.155.x.x). 5.374 - .IP \(bu 5.375 --A string that begins with an `@\' character is treated as an NIS 5.376 -+A string that begins with an `@' character is treated as an NIS 5.377 - (formerly YP) netgroup name. A host name is matched if it is a host 5.378 - member of the specified netgroup. Netgroup matches are not supported 5.379 - for daemon process names or for client user names. 5.380 - .IP \(bu 5.381 --An expression of the form `n.n.n.n/m.m.m.m\' is interpreted as a 5.382 --`net/mask\' pair. A host address is matched if `net\' is equal to the 5.383 --bitwise AND of the address and the `mask\'. For example, the net/mask 5.384 --pattern `131.155.72.0/255.255.254.0\' matches every address in the 5.385 --range `131.155.72.0\' through `131.155.73.255\'. 5.386 -+An expression of the form `n.n.n.n/m.m.m.m' is interpreted as a 5.387 -+`net/mask' pair. A host address is matched if `net' is equal to the 5.388 -+bitwise AND of the address and the `mask'. For example, the net/mask 5.389 -+pattern `131.155.72.0/255.255.254.0' matches every address in the 5.390 -+range `131.155.72.0' through `131.155.73.255'. 5.391 -+.IP \(bu 5.392 -+A string that begins with a `/' character is treated as a file 5.393 -+name. A host name or address is matched if it matches any host name 5.394 -+or address pattern listed in the named file. The file format is 5.395 -+zero or more lines with zero or more host name or address patterns 5.396 -+separated by whitespace. A file name pattern can be used anywhere 5.397 -+a host name or address pattern can be used. 5.398 - .SH WILDCARDS 5.399 - The access control language supports explicit wildcards: 5.400 - .IP ALL 5.401 -@@ -115,19 +122,19 @@ 5.402 - .ne 6 5.403 - .SH OPERATORS 5.404 - .IP EXCEPT 5.405 --Intended use is of the form: `list_1 EXCEPT list_2\'; this construct 5.406 -+Intended use is of the form: `list_1 EXCEPT list_2'; this construct 5.407 - matches anything that matches \fIlist_1\fR unless it matches 5.408 - \fIlist_2\fR. The EXCEPT operator can be used in daemon_lists and in 5.409 - client_lists. The EXCEPT operator can be nested: if the control 5.410 --language would permit the use of parentheses, `a EXCEPT b EXCEPT c\' 5.411 --would parse as `(a EXCEPT (b EXCEPT c))\'. 5.412 -+language would permit the use of parentheses, `a EXCEPT b EXCEPT c' 5.413 -+would parse as `(a EXCEPT (b EXCEPT c))'. 5.414 - .br 5.415 - .ne 6 5.416 - .SH SHELL COMMANDS 5.417 - If the first-matched access control rule contains a shell command, that 5.418 - command is subjected to %<letter> substitutions (see next section). 5.419 - The result is executed by a \fI/bin/sh\fR child process with standard 5.420 --input, output and error connected to \fI/dev/null\fR. Specify an `&\' 5.421 -+input, output and error connected to \fI/dev/null\fR. Specify an `&' 5.422 - at the end of the command if you do not want to wait until it has 5.423 - completed. 5.424 - .PP 5.425 -@@ -159,7 +166,7 @@ 5.426 - .IP %u 5.427 - The client user name (or "unknown"). 5.428 - .IP %% 5.429 --Expands to a single `%\' character. 5.430 -+Expands to a single `%' character. 5.431 - .PP 5.432 - Characters in % expansions that may confuse the shell are replaced by 5.433 - underscores. 5.434 -@@ -243,9 +250,9 @@ 5.435 - less trustworthy. It is possible for an intruder to spoof both the 5.436 - client connection and the IDENT lookup, although doing so is much 5.437 - harder than spoofing just a client connection. It may also be that 5.438 --the client\'s IDENT server is lying. 5.439 -+the client's IDENT server is lying. 5.440 - .PP 5.441 --Note: IDENT lookups don\'t work with UDP services. 5.442 -+Note: IDENT lookups don't work with UDP services. 5.443 - .SH EXAMPLES 5.444 - The language is flexible enough that different types of access control 5.445 - policy can be expressed with a minimum of fuss. Although the language 5.446 -@@ -285,7 +292,7 @@ 5.447 - .br 5.448 - ALL: .foobar.edu EXCEPT terminalserver.foobar.edu 5.449 - .PP 5.450 --The first rule permits access from hosts in the local domain (no `.\' 5.451 -+The first rule permits access from hosts in the local domain (no `.' 5.452 - in the host name) and from members of the \fIsome_netgroup\fP 5.453 - netgroup. The second rule permits access from all hosts in the 5.454 - \fIfoobar.edu\fP domain (notice the leading dot), with the exception of 5.455 -@@ -322,8 +329,8 @@ 5.456 - /etc/hosts.deny: 5.457 - .in +3 5.458 - .nf 5.459 --in.tftpd: ALL: (/some/where/safe_finger -l @%h | \\ 5.460 -- /usr/ucb/mail -s %d-%h root) & 5.461 -+in.tftpd: ALL: (/usr/sbin/safe_finger -l @%h | \\ 5.462 -+ /usr/bin/mail -s %d-%h root) & 5.463 - .fi 5.464 - .PP 5.465 - The safe_finger command comes with the tcpd wrapper and should be 5.466 -@@ -349,7 +356,7 @@ 5.467 - capacity of an internal buffer; when an access control rule is not 5.468 - terminated by a newline character; when the result of %<letter> 5.469 - expansion would overflow an internal buffer; when a system call fails 5.470 --that shouldn\'t. All problems are reported via the syslog daemon. 5.471 -+that shouldn't. All problems are reported via the syslog daemon. 5.472 - .SH FILES 5.473 - .na 5.474 - .nf 5.475 -diff -Naur tcp_wrappers_7.6/hosts_access.c tcp_wrappers_7.6.gimli/hosts_access.c 5.476 ---- tcp_wrappers_7.6/hosts_access.c 1997-02-11 19:13:23.000000000 -0600 5.477 -+++ tcp_wrappers_7.6.gimli/hosts_access.c 2002-01-07 08:50:19.000000000 -0600 5.478 -@@ -240,6 +240,26 @@ 5.479 - } 5.480 - } 5.481 - 5.482 -+/* hostfile_match - look up host patterns from file */ 5.483 -+ 5.484 -+static int hostfile_match(path, host) 5.485 -+char *path; 5.486 -+struct hosts_info *host; 5.487 -+{ 5.488 -+ char tok[BUFSIZ]; 5.489 -+ int match = NO; 5.490 -+ FILE *fp; 5.491 -+ 5.492 -+ if ((fp = fopen(path, "r")) != 0) { 5.493 -+ while (fscanf(fp, "%s", tok) == 1 && !(match = host_match(tok, host))) 5.494 -+ /* void */ ; 5.495 -+ fclose(fp); 5.496 -+ } else if (errno != ENOENT) { 5.497 -+ tcpd_warn("open %s: %m", path); 5.498 -+ } 5.499 -+ return (match); 5.500 -+} 5.501 -+ 5.502 - /* host_match - match host name and/or address against pattern */ 5.503 - 5.504 - static int host_match(tok, host) 5.505 -@@ -267,6 +287,8 @@ 5.506 - tcpd_warn("netgroup support is disabled"); /* not tcpd_jump() */ 5.507 - return (NO); 5.508 - #endif 5.509 -+ } else if (tok[0] == '/') { /* /file hack */ 5.510 -+ return (hostfile_match(tok, host)); 5.511 - } else if (STR_EQ(tok, "KNOWN")) { /* check address and name */ 5.512 - char *name = eval_hostname(host); 5.513 - return (STR_NE(eval_hostaddr(host), unknown) && HOSTNAME_KNOWN(name)); 5.514 -diff -Naur tcp_wrappers_7.6/hosts_options.5 tcp_wrappers_7.6.gimli/hosts_options.5 5.515 ---- tcp_wrappers_7.6/hosts_options.5 1994-12-28 10:42:29.000000000 -0600 5.516 -+++ tcp_wrappers_7.6.gimli/hosts_options.5 2002-01-07 08:50:19.000000000 -0600 5.517 -@@ -58,12 +58,12 @@ 5.518 - Execute, in a child process, the specified shell command, after 5.519 - performing the %<letter> expansions described in the hosts_access(5) 5.520 - manual page. The command is executed with stdin, stdout and stderr 5.521 --connected to the null device, so that it won\'t mess up the 5.522 -+connected to the null device, so that it won't mess up the 5.523 - conversation with the client host. Example: 5.524 - .sp 5.525 - .nf 5.526 - .ti +3 5.527 --spawn (/some/where/safe_finger -l @%h | /usr/ucb/mail root) & 5.528 -+spawn (/usr/sbin/safe_finger -l @%h | /usr/bin/mail root) & 5.529 - .fi 5.530 - .sp 5.531 - executes, in a background child process, the shell command "safe_finger 5.532 -diff -Naur tcp_wrappers_7.6/options.c tcp_wrappers_7.6.gimli/options.c 5.533 ---- tcp_wrappers_7.6/options.c 1996-02-11 10:01:32.000000000 -0600 5.534 -+++ tcp_wrappers_7.6.gimli/options.c 2002-01-07 08:50:19.000000000 -0600 5.535 -@@ -473,6 +473,9 @@ 5.536 - #ifdef LOG_CRON 5.537 - "cron", LOG_CRON, 5.538 - #endif 5.539 -+#ifdef LOG_FTP 5.540 -+ "ftp", LOG_FTP, 5.541 -+#endif 5.542 - #ifdef LOG_LOCAL0 5.543 - "local0", LOG_LOCAL0, 5.544 - #endif 5.545 -diff -Naur tcp_wrappers_7.6/percent_m.c tcp_wrappers_7.6.gimli/percent_m.c 5.546 ---- tcp_wrappers_7.6/percent_m.c 1994-12-28 10:42:37.000000000 -0600 5.547 -+++ tcp_wrappers_7.6.gimli/percent_m.c 2002-01-07 08:50:19.000000000 -0600 5.548 -@@ -13,7 +13,7 @@ 5.549 - #include <string.h> 5.550 - 5.551 - extern int errno; 5.552 --#ifndef SYS_ERRLIST_DEFINED 5.553 -+#if !defined(SYS_ERRLIST_DEFINED) && !defined(HAVE_STRERROR) 5.554 - extern char *sys_errlist[]; 5.555 - extern int sys_nerr; 5.556 - #endif 5.557 -@@ -29,11 +29,15 @@ 5.558 - 5.559 - while (*bp = *cp) 5.560 - if (*cp == '%' && cp[1] == 'm') { 5.561 -+#ifdef HAVE_STRERROR 5.562 -+ strcpy(bp, strerror(errno)); 5.563 -+#else 5.564 - if (errno < sys_nerr && errno > 0) { 5.565 - strcpy(bp, sys_errlist[errno]); 5.566 - } else { 5.567 - sprintf(bp, "Unknown error %d", errno); 5.568 - } 5.569 -+#endif 5.570 - bp += strlen(bp); 5.571 - cp += 2; 5.572 - } else { 5.573 -diff -Naur tcp_wrappers_7.6/rfc931.c tcp_wrappers_7.6.gimli/rfc931.c 5.574 ---- tcp_wrappers_7.6/rfc931.c 1995-01-02 09:11:34.000000000 -0600 5.575 -+++ tcp_wrappers_7.6.gimli/rfc931.c 2002-01-07 08:50:19.000000000 -0600 5.576 -@@ -33,7 +33,7 @@ 5.577 - 5.578 - int rfc931_timeout = RFC931_TIMEOUT;/* Global so it can be changed */ 5.579 - 5.580 --static jmp_buf timebuf; 5.581 -+static sigjmp_buf timebuf; 5.582 - 5.583 - /* fsocket - open stdio stream on top of socket */ 5.584 - 5.585 -@@ -62,7 +62,7 @@ 5.586 - static void timeout(sig) 5.587 - int sig; 5.588 - { 5.589 -- longjmp(timebuf, sig); 5.590 -+ siglongjmp(timebuf, sig); 5.591 - } 5.592 - 5.593 - /* rfc931 - return remote user name, given socket structures */ 5.594 -@@ -99,7 +99,7 @@ 5.595 - * Set up a timer so we won't get stuck while waiting for the server. 5.596 - */ 5.597 - 5.598 -- if (setjmp(timebuf) == 0) { 5.599 -+ if (sigsetjmp(timebuf,1) == 0) { 5.600 - signal(SIGALRM, timeout); 5.601 - alarm(rfc931_timeout); 5.602 - 5.603 -diff -Naur tcp_wrappers_7.6/safe_finger.8 tcp_wrappers_7.6.gimli/safe_finger.8 5.604 ---- tcp_wrappers_7.6/safe_finger.8 1969-12-31 18:00:00.000000000 -0600 5.605 -+++ tcp_wrappers_7.6.gimli/safe_finger.8 2002-01-07 08:50:19.000000000 -0600 5.606 -@@ -0,0 +1,34 @@ 5.607 -+.TH SAFE_FINGER 8 "21th June 1997" Linux "Linux Programmer's Manual" 5.608 -+.SH NAME 5.609 -+safe_finger \- finger client wrapper that protects against nasty stuff 5.610 -+from finger servers 5.611 -+.SH SYNOPSIS 5.612 -+.B safe_finger [finger_options] 5.613 -+.SH DESCRIPTION 5.614 -+The 5.615 -+.B safe_finger 5.616 -+command protects against nasty stuff from finger servers. Use this 5.617 -+program for automatic reverse finger probes from the 5.618 -+.B tcp_wrapper 5.619 -+.B (tcpd) 5.620 -+, not the raw finger command. The 5.621 -+.B safe_finger 5.622 -+command makes sure that the finger client is not run with root 5.623 -+privileges. It also runs the finger client with a defined PATH 5.624 -+environment. 5.625 -+.B safe_finger 5.626 -+will also protect you from problems caused by the output of some 5.627 -+finger servers. The problem: some programs may react to stuff in 5.628 -+the first column. Other programs may get upset by thrash anywhere 5.629 -+on a line. File systems may fill up as the finger server keeps 5.630 -+sending data. Text editors may bomb out on extremely long lines. 5.631 -+The finger server may take forever because it is somehow wedged. 5.632 -+.B safe_finger 5.633 -+takes care of all this badness. 5.634 -+.SH SEE ALSO 5.635 -+.BR hosts_access (5), 5.636 -+.BR hosts_options (5), 5.637 -+.BR tcpd (8) 5.638 -+.SH AUTHOR 5.639 -+Wietse Venema, Eindhoven University of Technology, The Netherlands. 5.640 -+ 5.641 -diff -Naur tcp_wrappers_7.6/safe_finger.c tcp_wrappers_7.6.gimli/safe_finger.c 5.642 ---- tcp_wrappers_7.6/safe_finger.c 1994-12-28 10:42:42.000000000 -0600 5.643 -+++ tcp_wrappers_7.6.gimli/safe_finger.c 2002-01-07 08:50:19.000000000 -0600 5.644 -@@ -26,21 +26,24 @@ 5.645 - #include <stdio.h> 5.646 - #include <ctype.h> 5.647 - #include <pwd.h> 5.648 -+#include <syslog.h> 5.649 - 5.650 - extern void exit(); 5.651 - 5.652 - /* Local stuff */ 5.653 - 5.654 --char path[] = "PATH=/bin:/usr/bin:/usr/ucb:/usr/bsd:/etc:/usr/etc:/usr/sbin"; 5.655 -+char path[] = "PATH=/bin:/usr/bin:/sbin:/usr/sbin"; 5.656 - 5.657 - #define TIME_LIMIT 60 /* Do not keep listinging forever */ 5.658 - #define INPUT_LENGTH 100000 /* Do not keep listinging forever */ 5.659 - #define LINE_LENGTH 128 /* Editors can choke on long lines */ 5.660 - #define FINGER_PROGRAM "finger" /* Most, if not all, UNIX systems */ 5.661 - #define UNPRIV_NAME "nobody" /* Preferred privilege level */ 5.662 --#define UNPRIV_UGID 32767 /* Default uid and gid */ 5.663 -+#define UNPRIV_UGID 65534 /* Default uid and gid */ 5.664 - 5.665 - int finger_pid; 5.666 -+int allow_severity = SEVERITY; 5.667 -+int deny_severity = LOG_WARNING; 5.668 - 5.669 - void cleanup(sig) 5.670 - int sig; 5.671 -diff -Naur tcp_wrappers_7.6/scaffold.c tcp_wrappers_7.6.gimli/scaffold.c 5.672 ---- tcp_wrappers_7.6/scaffold.c 1997-03-21 12:27:24.000000000 -0600 5.673 -+++ tcp_wrappers_7.6.gimli/scaffold.c 2002-01-07 08:50:19.000000000 -0600 5.674 -@@ -180,10 +180,12 @@ 5.675 - 5.676 - /* ARGSUSED */ 5.677 - 5.678 --void rfc931(request) 5.679 --struct request_info *request; 5.680 -+void rfc931(rmt_sin, our_sin, dest) 5.681 -+struct sockaddr_in *rmt_sin; 5.682 -+struct sockaddr_in *our_sin; 5.683 -+char *dest; 5.684 - { 5.685 -- strcpy(request->user, unknown); 5.686 -+ strcpy(dest, unknown); 5.687 - } 5.688 - 5.689 - /* check_path - examine accessibility */ 5.690 -diff -Naur tcp_wrappers_7.6/socket.c tcp_wrappers_7.6.gimli/socket.c 5.691 ---- tcp_wrappers_7.6/socket.c 1997-03-21 12:27:25.000000000 -0600 5.692 -+++ tcp_wrappers_7.6.gimli/socket.c 2002-01-07 08:50:19.000000000 -0600 5.693 -@@ -76,7 +76,11 @@ 5.694 - { 5.695 - static struct sockaddr_in client; 5.696 - static struct sockaddr_in server; 5.697 -+#if !defined (__GLIBC__) 5.698 - int len; 5.699 -+#else /* __GLIBC__ */ 5.700 -+ size_t len; 5.701 -+#endif /* __GLIBC__ */ 5.702 - char buf[BUFSIZ]; 5.703 - int fd = request->fd; 5.704 - 5.705 -@@ -224,7 +228,11 @@ 5.706 - { 5.707 - char buf[BUFSIZ]; 5.708 - struct sockaddr_in sin; 5.709 -+#if !defined(__GLIBC__) 5.710 - int size = sizeof(sin); 5.711 -+#else /* __GLIBC__ */ 5.712 -+ size_t size = sizeof(sin); 5.713 -+#endif /* __GLIBC__ */ 5.714 - 5.715 - /* 5.716 - * Eat up the not-yet received datagram. Some systems insist on a 5.717 -diff -Naur tcp_wrappers_7.6/tcpd.8 tcp_wrappers_7.6.gimli/tcpd.8 5.718 ---- tcp_wrappers_7.6/tcpd.8 1996-02-21 09:39:16.000000000 -0600 5.719 -+++ tcp_wrappers_7.6.gimli/tcpd.8 2002-01-07 08:50:19.000000000 -0600 5.720 -@@ -94,7 +94,7 @@ 5.721 - .PP 5.722 - The example assumes that the network daemons live in /usr/etc. On some 5.723 - systems, network daemons live in /usr/sbin or in /usr/libexec, or have 5.724 --no `in.\' prefix to their name. 5.725 -+no `in.' prefix to their name. 5.726 - .SH EXAMPLE 2 5.727 - This example applies when \fItcpd\fR expects that the network daemons 5.728 - are left in their original place. 5.729 -@@ -110,26 +110,26 @@ 5.730 - becomes: 5.731 - .sp 5.732 - .ti +5 5.733 --finger stream tcp nowait nobody /some/where/tcpd in.fingerd 5.734 -+finger stream tcp nowait nobody /usr/sbin/tcpd in.fingerd 5.735 - .sp 5.736 - .fi 5.737 - .PP 5.738 - The example assumes that the network daemons live in /usr/etc. On some 5.739 - systems, network daemons live in /usr/sbin or in /usr/libexec, the 5.740 --daemons have no `in.\' prefix to their name, or there is no userid 5.741 -+daemons have no `in.' prefix to their name, or there is no userid 5.742 - field in the inetd configuration file. 5.743 - .PP 5.744 - Similar changes will be needed for the other services that are to be 5.745 --covered by \fItcpd\fR. Send a `kill -HUP\' to the \fIinetd\fR(8) 5.746 -+covered by \fItcpd\fR. Send a `kill -HUP' to the \fIinetd\fR(8) 5.747 - process to make the changes effective. AIX users may also have to 5.748 --execute the `inetimp\' command. 5.749 -+execute the `inetimp' command. 5.750 - .SH EXAMPLE 3 5.751 - In the case of daemons that do not live in a common directory ("secret" 5.752 - or otherwise), edit the \fIinetd\fR configuration file so that it 5.753 - specifies an absolute path name for the process name field. For example: 5.754 - .nf 5.755 - .sp 5.756 -- ntalk dgram udp wait root /some/where/tcpd /usr/local/lib/ntalkd 5.757 -+ ntalk dgram udp wait root /usr/sbin/tcpd /usr/sbin/in.ntalkd 5.758 - .sp 5.759 - .fi 5.760 - .PP 5.761 -diff -Naur tcp_wrappers_7.6/tcpd.h tcp_wrappers_7.6.gimli/tcpd.h 5.762 ---- tcp_wrappers_7.6/tcpd.h 1996-03-19 09:22:25.000000000 -0600 5.763 -+++ tcp_wrappers_7.6.gimli/tcpd.h 2002-01-07 08:50:19.000000000 -0600 5.764 -@@ -4,6 +4,25 @@ 5.765 - * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands. 5.766 - */ 5.767 - 5.768 -+#ifndef _TCPWRAPPERS_TCPD_H 5.769 -+#define _TCPWRAPPERS_TCPD_H 5.770 -+ 5.771 -+/* someone else may have defined this */ 5.772 -+#undef __P 5.773 -+ 5.774 -+/* use prototypes if we have an ANSI C compiler or are using C++ */ 5.775 -+#if defined(__STDC__) || defined(__cplusplus) 5.776 -+#define __P(args) args 5.777 -+#else 5.778 -+#define __P(args) () 5.779 -+#endif 5.780 -+ 5.781 -+/* Need definitions of struct sockaddr_in and FILE. */ 5.782 -+#include <netinet/in.h> 5.783 -+#include <stdio.h> 5.784 -+ 5.785 -+__BEGIN_DECLS 5.786 -+ 5.787 - /* Structure to describe one communications endpoint. */ 5.788 - 5.789 - #define STRING_LENGTH 128 /* hosts, users, processes */ 5.790 -@@ -25,10 +44,10 @@ 5.791 - char pid[10]; /* access via eval_pid(request) */ 5.792 - struct host_info client[1]; /* client endpoint info */ 5.793 - struct host_info server[1]; /* server endpoint info */ 5.794 -- void (*sink) (); /* datagram sink function or 0 */ 5.795 -- void (*hostname) (); /* address to printable hostname */ 5.796 -- void (*hostaddr) (); /* address to printable address */ 5.797 -- void (*cleanup) (); /* cleanup function or 0 */ 5.798 -+ void (*sink) __P((int)); /* datagram sink function or 0 */ 5.799 -+ void (*hostname) __P((struct host_info *)); /* address to printable hostname */ 5.800 -+ void (*hostaddr) __P((struct host_info *)); /* address to printable address */ 5.801 -+ void (*cleanup) __P((struct request_info *)); /* cleanup function or 0 */ 5.802 - struct netconfig *config; /* netdir handle */ 5.803 - }; 5.804 - 5.805 -@@ -61,25 +80,30 @@ 5.806 - /* Global functions. */ 5.807 - 5.808 - #if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT) 5.809 --extern void fromhost(); /* get/validate client host info */ 5.810 -+extern void fromhost __P((struct request_info *)); /* get/validate client host info */ 5.811 - #else 5.812 - #define fromhost sock_host /* no TLI support needed */ 5.813 - #endif 5.814 - 5.815 --extern int hosts_access(); /* access control */ 5.816 --extern void shell_cmd(); /* execute shell command */ 5.817 --extern char *percent_x(); /* do %<char> expansion */ 5.818 --extern void rfc931(); /* client name from RFC 931 daemon */ 5.819 --extern void clean_exit(); /* clean up and exit */ 5.820 --extern void refuse(); /* clean up and exit */ 5.821 --extern char *xgets(); /* fgets() on steroids */ 5.822 --extern char *split_at(); /* strchr() and split */ 5.823 --extern unsigned long dot_quad_addr(); /* restricted inet_addr() */ 5.824 -+extern void shell_cmd __P((char *)); /* execute shell command */ 5.825 -+extern char *percent_x __P((char *, int, char *, struct request_info *)); /* do %<char> expansion */ 5.826 -+extern void rfc931 __P((struct sockaddr_in *, struct sockaddr_in *, char *)); /* client name from RFC 931 daemon */ 5.827 -+extern void clean_exit __P((struct request_info *)); /* clean up and exit */ 5.828 -+extern void refuse __P((struct request_info *)); /* clean up and exit */ 5.829 -+extern char *xgets __P((char *, int, FILE *)); /* fgets() on steroids */ 5.830 -+extern char *split_at __P((char *, int)); /* strchr() and split */ 5.831 -+extern unsigned long dot_quad_addr __P((char *)); /* restricted inet_addr() */ 5.832 - 5.833 - /* Global variables. */ 5.834 - 5.835 -+#ifdef HAVE_WEAKSYMS 5.836 -+extern int allow_severity __attribute__ ((weak)); /* for connection logging */ 5.837 -+extern int deny_severity __attribute__ ((weak)); /* for connection logging */ 5.838 -+#else 5.839 - extern int allow_severity; /* for connection logging */ 5.840 - extern int deny_severity; /* for connection logging */ 5.841 -+#endif 5.842 -+ 5.843 - extern char *hosts_allow_table; /* for verification mode redirection */ 5.844 - extern char *hosts_deny_table; /* for verification mode redirection */ 5.845 - extern int hosts_access_verbose; /* for verbose matching mode */ 5.846 -@@ -92,9 +116,14 @@ 5.847 - */ 5.848 - 5.849 - #ifdef __STDC__ 5.850 -+extern int hosts_access(struct request_info *request); 5.851 -+extern int hosts_ctl(char *daemon, char *client_name, char *client_addr, 5.852 -+ char *client_user); 5.853 - extern struct request_info *request_init(struct request_info *,...); 5.854 - extern struct request_info *request_set(struct request_info *,...); 5.855 - #else 5.856 -+extern int hosts_access(); 5.857 -+extern int hosts_ctl(); 5.858 - extern struct request_info *request_init(); /* initialize request */ 5.859 - extern struct request_info *request_set(); /* update request structure */ 5.860 - #endif 5.861 -@@ -117,27 +146,31 @@ 5.862 - * host_info structures serve as caches for the lookup results. 5.863 - */ 5.864 - 5.865 --extern char *eval_user(); /* client user */ 5.866 --extern char *eval_hostname(); /* printable hostname */ 5.867 --extern char *eval_hostaddr(); /* printable host address */ 5.868 --extern char *eval_hostinfo(); /* host name or address */ 5.869 --extern char *eval_client(); /* whatever is available */ 5.870 --extern char *eval_server(); /* whatever is available */ 5.871 -+extern char *eval_user __P((struct request_info *)); /* client user */ 5.872 -+extern char *eval_hostname __P((struct host_info *)); /* printable hostname */ 5.873 -+extern char *eval_hostaddr __P((struct host_info *)); /* printable host address */ 5.874 -+extern char *eval_hostinfo __P((struct host_info *)); /* host name or address */ 5.875 -+extern char *eval_client __P((struct request_info *)); /* whatever is available */ 5.876 -+extern char *eval_server __P((struct request_info *)); /* whatever is available */ 5.877 - #define eval_daemon(r) ((r)->daemon) /* daemon process name */ 5.878 - #define eval_pid(r) ((r)->pid) /* process id */ 5.879 - 5.880 - /* Socket-specific methods, including DNS hostname lookups. */ 5.881 - 5.882 --extern void sock_host(); /* look up endpoint addresses */ 5.883 --extern void sock_hostname(); /* translate address to hostname */ 5.884 --extern void sock_hostaddr(); /* address to printable address */ 5.885 -+/* look up endpoint addresses */ 5.886 -+extern void sock_host __P((struct request_info *)); 5.887 -+/* translate address to hostname */ 5.888 -+extern void sock_hostname __P((struct host_info *)); 5.889 -+/* address to printable address */ 5.890 -+extern void sock_hostaddr __P((struct host_info *)); 5.891 -+ 5.892 - #define sock_methods(r) \ 5.893 - { (r)->hostname = sock_hostname; (r)->hostaddr = sock_hostaddr; } 5.894 - 5.895 - /* The System V Transport-Level Interface (TLI) interface. */ 5.896 - 5.897 - #if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT) 5.898 --extern void tli_host(); /* look up endpoint addresses etc. */ 5.899 -+extern void tli_host __P((struct request_info *)); /* look up endpoint addresses etc. */ 5.900 - #endif 5.901 - 5.902 - /* 5.903 -@@ -178,7 +211,7 @@ 5.904 - * behavior. 5.905 - */ 5.906 - 5.907 --extern void process_options(); /* execute options */ 5.908 -+extern void process_options __P((char *, struct request_info *)); /* execute options */ 5.909 - extern int dry_run; /* verification flag */ 5.910 - 5.911 - /* Bug workarounds. */ 5.912 -@@ -217,3 +250,7 @@ 5.913 - #define strtok my_strtok 5.914 - extern char *my_strtok(); 5.915 - #endif 5.916 -+ 5.917 -+__END_DECLS 5.918 -+ 5.919 -+#endif /* tcpd.h */ 5.920 -diff -Naur tcp_wrappers_7.6/tcpdchk.c tcp_wrappers_7.6.gimli/tcpdchk.c 5.921 ---- tcp_wrappers_7.6/tcpdchk.c 1997-02-11 19:13:25.000000000 -0600 5.922 -+++ tcp_wrappers_7.6.gimli/tcpdchk.c 2002-01-07 08:50:19.000000000 -0600 5.923 -@@ -350,6 +350,8 @@ 5.924 - { 5.925 - if (pat[0] == '@') { 5.926 - tcpd_warn("%s: daemon name begins with \"@\"", pat); 5.927 -+ } else if (pat[0] == '/') { 5.928 -+ tcpd_warn("%s: daemon name begins with \"/\"", pat); 5.929 - } else if (pat[0] == '.') { 5.930 - tcpd_warn("%s: daemon name begins with dot", pat); 5.931 - } else if (pat[strlen(pat) - 1] == '.') { 5.932 -@@ -382,6 +384,8 @@ 5.933 - { 5.934 - if (pat[0] == '@') { /* @netgroup */ 5.935 - tcpd_warn("%s: user name begins with \"@\"", pat); 5.936 -+ } else if (pat[0] == '/') { 5.937 -+ tcpd_warn("%s: user name begins with \"/\"", pat); 5.938 - } else if (pat[0] == '.') { 5.939 - tcpd_warn("%s: user name begins with dot", pat); 5.940 - } else if (pat[strlen(pat) - 1] == '.') { 5.941 -@@ -402,8 +406,13 @@ 5.942 - static int check_host(pat) 5.943 - char *pat; 5.944 - { 5.945 -+ char buf[BUFSIZ]; 5.946 - char *mask; 5.947 - int addr_count = 1; 5.948 -+ FILE *fp; 5.949 -+ struct tcpd_context saved_context; 5.950 -+ char *cp; 5.951 -+ char *wsp = " \t\r\n"; 5.952 - 5.953 - if (pat[0] == '@') { /* @netgroup */ 5.954 - #ifdef NO_NETGRENT 5.955 -@@ -422,6 +431,21 @@ 5.956 - tcpd_warn("netgroup support disabled"); 5.957 - #endif 5.958 - #endif 5.959 -+ } else if (pat[0] == '/') { /* /path/name */ 5.960 -+ if ((fp = fopen(pat, "r")) != 0) { 5.961 -+ saved_context = tcpd_context; 5.962 -+ tcpd_context.file = pat; 5.963 -+ tcpd_context.line = 0; 5.964 -+ while (fgets(buf, sizeof(buf), fp)) { 5.965 -+ tcpd_context.line++; 5.966 -+ for (cp = strtok(buf, wsp); cp; cp = strtok((char *) 0, wsp)) 5.967 -+ check_host(cp); 5.968 -+ } 5.969 -+ tcpd_context = saved_context; 5.970 -+ fclose(fp); 5.971 -+ } else if (errno != ENOENT) { 5.972 -+ tcpd_warn("open %s: %m", pat); 5.973 -+ } 5.974 - } else if (mask = split_at(pat, '/')) { /* network/netmask */ 5.975 - if (dot_quad_addr(pat) == INADDR_NONE 5.976 - || dot_quad_addr(mask) == INADDR_NONE) 5.977 -diff -Naur tcp_wrappers_7.6/try-from.8 tcp_wrappers_7.6.gimli/try-from.8 5.978 ---- tcp_wrappers_7.6/try-from.8 1969-12-31 18:00:00.000000000 -0600 5.979 -+++ tcp_wrappers_7.6.gimli/try-from.8 2002-01-07 08:50:19.000000000 -0600 5.980 -@@ -0,0 +1,28 @@ 5.981 -+.TH TRY-FROM 8 "21th June 1997" Linux "Linux Programmer's Manual" 5.982 -+.SH NAME 5.983 -+try-from \- test program for the tcp_wrapper 5.984 -+.SH SYNOPSIS 5.985 -+.B try-from 5.986 -+.SH DESCRIPTION 5.987 -+The 5.988 -+.B try-from 5.989 -+command can be called via a remote shell command to find out 5.990 -+if the hostname and address are properly recognized 5.991 -+by the 5.992 -+.B tcp_wrapper 5.993 -+library, if username lookup works, and (SysV only) if the TLI 5.994 -+on top of IP heuristics work. Diagnostics are reported through 5.995 -+.BR syslog (3) 5.996 -+and redirected to stderr. 5.997 -+ 5.998 -+Example: 5.999 -+ 5.1000 -+rsh host /some/where/try-from 5.1001 -+ 5.1002 -+.SH SEE ALSO 5.1003 -+.BR hosts_access (5), 5.1004 -+.BR hosts_options (5), 5.1005 -+.BR tcpd (8) 5.1006 -+.SH AUTHOR 5.1007 -+Wietse Venema, Eindhoven University of Technology, The Netherlands. 5.1008 -+ 5.1009 -diff -Naur tcp_wrappers_7.6/weak_symbols.c tcp_wrappers_7.6.gimli/weak_symbols.c 5.1010 ---- tcp_wrappers_7.6/weak_symbols.c 1969-12-31 18:00:00.000000000 -0600 5.1011 -+++ tcp_wrappers_7.6.gimli/weak_symbols.c 2002-01-07 08:50:19.000000000 -0600 5.1012 -@@ -0,0 +1,11 @@ 5.1013 -+ /* 5.1014 -+ * @(#) weak_symbols.h 1.5 99/12/29 23:50 5.1015 -+ * 5.1016 -+ * Author: Anthony Towns <ajt@debian.org> 5.1017 -+ */ 5.1018 -+ 5.1019 -+#ifdef HAVE_WEAKSYMS 5.1020 -+#include <syslog.h> 5.1021 -+int deny_severity = LOG_WARNING; 5.1022 -+int allow_severity = SEVERITY; 5.1023 -+#endif 5.1024 -diff -Naur tcp_wrappers_7.6/workarounds.c tcp_wrappers_7.6.gimli/workarounds.c 5.1025 ---- tcp_wrappers_7.6/workarounds.c 1996-03-19 09:22:26.000000000 -0600 5.1026 -+++ tcp_wrappers_7.6.gimli/workarounds.c 2002-01-07 08:50:19.000000000 -0600 5.1027 -@@ -163,7 +163,11 @@ 5.1028 - int fix_getpeername(sock, sa, len) 5.1029 - int sock; 5.1030 - struct sockaddr *sa; 5.1031 -+#if !defined(__GLIBC__) 5.1032 - int *len; 5.1033 -+#else /* __GLIBC__ */ 5.1034 -+size_t *len; 5.1035 -+#endif /* __GLIBC__ */ 5.1036 - { 5.1037 - int ret; 5.1038 - struct sockaddr_in *sin = (struct sockaddr_in *) sa;
6.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 6.2 +++ b/libwrap/stuff/slitaz.patch Sat Jul 07 14:25:00 2018 +0300 6.3 @@ -0,0 +1,11 @@ 6.4 +--- a/Makefile 6.5 ++++ b/Makefile 6.6 +@@ -151,7 +151,7 @@ 6.7 + linux: 6.8 + @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ 6.9 + LIBS=-lnsl RANLIB=ranlib ARFLAGS=rv AUX_OBJ=weak_symbols.o \ 6.10 +- NETGROUP="-DNETGROUP" TLI= VSYSLOG= BUGS= \ 6.11 ++ NETGROUP="-DNETGROUP -DUSE_GETDOMAIN" TLI= VSYSLOG= BUGS= \ 6.12 + EXTRA_CFLAGS="-DSYS_ERRLIST_DEFINED -DHAVE_STRERROR -DHAVE_WEAKSYMS -DINET6=1 -Dss_family=__ss_family -Dss_len=__ss_len" all 6.13 + 6.14 + gnu:
7.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 7.2 +++ b/libwrap/stuff/tcp-wrappers-headers.patch Sat Jul 07 14:25:00 2018 +0300 7.3 @@ -0,0 +1,296 @@ 7.4 +--- a/options.c 7.5 ++++ b/options.c 7.6 +@@ -34,6 +34,8 @@ 7.7 + 7.8 + /* System libraries. */ 7.9 + 7.10 ++#include <unistd.h> 7.11 ++#include <stdlib.h> 7.12 + #include <sys/types.h> 7.13 + #include <sys/param.h> 7.14 + #include <sys/socket.h> 7.15 +--- a/safe_finger.c 7.16 ++++ b/safe_finger.c 7.17 +@@ -20,6 +20,11 @@ 7.18 + 7.19 + /* System libraries */ 7.20 + 7.21 ++#include <unistd.h> 7.22 ++#include <fcntl.h> 7.23 ++#include <stdlib.h> 7.24 ++#include <sys/wait.h> 7.25 ++#include <grp.h> 7.26 + #include <sys/types.h> 7.27 + #include <sys/stat.h> 7.28 + #include <signal.h> 7.29 +@@ -27,7 +31,7 @@ 7.30 + #include <ctype.h> 7.31 + #include <pwd.h> 7.32 + 7.33 +-extern void exit(); 7.34 ++int pipe_stdin(char **argv); 7.35 + 7.36 + /* Local stuff */ 7.37 + 7.38 +--- a/scaffold.c 7.39 ++++ b/scaffold.c 7.40 +@@ -10,6 +10,7 @@ 7.41 + 7.42 + /* System libraries. */ 7.43 + 7.44 ++#include <stdlib.h> 7.45 + #include <sys/types.h> 7.46 + #include <sys/stat.h> 7.47 + #include <sys/socket.h> 7.48 +@@ -27,7 +27,4 @@ 7.49 + #endif 7.50 + 7.51 +-#ifndef INET6 7.52 +-extern char *malloc(); 7.53 +-#endif 7.54 + 7.55 + /* Application-specific. */ 7.56 +--- a/shell_cmd.c 7.57 ++++ b/shell_cmd.c 7.58 +@@ -14,6 +14,10 @@ 7.59 + 7.60 + /* System libraries. */ 7.61 + 7.62 ++#include <unistd.h> 7.63 ++#include <stdlib.h> 7.64 ++#include <fcntl.h> 7.65 ++#include <sys/wait.h> 7.66 + #include <sys/types.h> 7.67 + #include <sys/param.h> 7.68 + #include <signal.h> 7.69 +@@ -25,8 +25,6 @@ 7.70 + #include <syslog.h> 7.71 + #include <string.h> 7.72 + 7.73 +-extern void exit(); 7.74 +- 7.75 + /* Local stuff. */ 7.76 + 7.77 + #include "tcpd.h" 7.78 +--- a/tcpdchk.c 7.79 ++++ b/tcpdchk.c 7.80 +@@ -20,6 +20,8 @@ 7.81 + 7.82 + /* System libraries. */ 7.83 + 7.84 ++#include <unistd.h> 7.85 ++#include <stdlib.h> 7.86 + #include <sys/types.h> 7.87 + #include <sys/stat.h> 7.88 + #ifdef INET6 7.89 +@@ -35,10 +36,7 @@ 7.90 + #include <netdb.h> 7.91 + #include <string.h> 7.92 + 7.93 +-extern int errno; 7.94 +-extern void exit(); 7.95 +-extern int optind; 7.96 +-extern char *optarg; 7.97 ++int cidr_mask_addr(char *str); 7.98 + 7.99 + #ifndef INADDR_NONE 7.100 + #define INADDR_NONE (-1) /* XXX should be 0xffffffff */ 7.101 +--- a/clean_exit.c 7.102 ++++ b/clean_exit.c 7.103 +@@ -13,8 +13,8 @@ 7.104 + #endif 7.105 + 7.106 + #include <stdio.h> 7.107 +- 7.108 +-extern void exit(); 7.109 ++#include <unistd.h> 7.110 ++#include <stdlib.h> 7.111 + 7.112 + #include "tcpd.h" 7.113 + 7.114 +--- a/hosts_access.c 7.115 ++++ b/hosts_access.c 7.116 +@@ -23,6 +23,7 @@ 7.117 + 7.118 + /* System libraries. */ 7.119 + 7.120 ++#include <stdlib.h> 7.121 + #include <sys/types.h> 7.122 + #ifdef INT32_T 7.123 + typedef uint32_t u_int32_t; 7.124 +@@ -43,8 +44,8 @@ 7.125 + #include <netdb.h> 7.126 + #endif 7.127 + 7.128 +-extern char *fgets(); 7.129 +-extern int errno; 7.130 ++static int match_pattern_ylo(const char *s, const char *pattern); 7.131 ++int cidr_mask_addr(char *str); 7.132 + 7.133 + #ifndef INADDR_NONE 7.134 + #define INADDR_NONE (-1) /* XXX should be 0xffffffff */ 7.135 +--- a/inetcf.c 7.136 ++++ b/inetcf.c 7.137 +@@ -9,15 +9,14 @@ 7.138 + static char sccsid[] = "@(#) inetcf.c 1.7 97/02/12 02:13:23"; 7.139 + #endif 7.140 + 7.141 ++#include <stdlib.h> 7.142 + #include <sys/types.h> 7.143 + #include <sys/stat.h> 7.144 + #include <stdio.h> 7.145 + #include <errno.h> 7.146 + #include <string.h> 7.147 + 7.148 +-extern int errno; 7.149 +-extern void exit(); 7.150 +- 7.151 ++#include "scaffold.h" 7.152 + #include "tcpd.h" 7.153 + #include "inetcf.h" 7.154 + 7.155 +--- a/percent_x.c 7.156 ++++ b/percent_x.c 7.157 +@@ -16,12 +16,12 @@ 7.158 + 7.159 + /* System libraries. */ 7.160 + 7.161 ++#include <unistd.h> 7.162 ++#include <stdlib.h> 7.163 + #include <stdio.h> 7.164 + #include <syslog.h> 7.165 + #include <string.h> 7.166 + 7.167 +-extern void exit(); 7.168 +- 7.169 + /* Local stuff. */ 7.170 + 7.171 + #include "tcpd.h" 7.172 +--- a/rfc931.c 7.173 ++++ b/rfc931.c 7.174 +@@ -15,6 +15,7 @@ 7.175 + 7.176 + /* System libraries. */ 7.177 + 7.178 ++#include <unistd.h> 7.179 + #include <stdio.h> 7.180 + #include <syslog.h> 7.181 + #include <sys/types.h> 7.182 +--- a/tcpd.c 7.183 ++++ b/tcpd.c 7.184 +@@ -16,6 +16,7 @@ 7.185 + 7.186 + /* System libraries. */ 7.187 + 7.188 ++#include <unistd.h> 7.189 + #include <sys/types.h> 7.190 + #include <sys/param.h> 7.191 + #include <sys/stat.h> 7.192 +@@ -39,6 +39,8 @@ 7.193 + #include "patchlevel.h" 7.194 + #include "tcpd.h" 7.195 + 7.196 ++void fix_options(struct request_info *request); 7.197 ++ 7.198 + int allow_severity = SEVERITY; /* run-time adjustable */ 7.199 + int deny_severity = LOG_WARNING; /* ditto */ 7.200 + 7.201 +--- a/tcpdmatch.c 7.202 ++++ b/tcpdmatch.c 7.203 +@@ -19,6 +19,8 @@ 7.204 + 7.205 + /* System libraries. */ 7.206 + 7.207 ++#include <unistd.h> 7.208 ++#include <stdlib.h> 7.209 + #include <sys/types.h> 7.210 + #include <sys/stat.h> 7.211 + #include <sys/socket.h> 7.212 +@@ -30,9 +32,6 @@ 7.213 + #include <setjmp.h> 7.214 + #include <string.h> 7.215 + 7.216 +-extern void exit(); 7.217 +-extern int optind; 7.218 +-extern char *optarg; 7.219 + 7.220 + #ifndef INADDR_NONE 7.221 + #define INADDR_NONE (-1) /* XXX should be 0xffffffff */ 7.222 +--- a/update.c 7.223 ++++ b/update.c 7.224 +@@ -19,6 +19,7 @@ 7.225 + 7.226 + /* System libraries */ 7.227 + 7.228 ++#include <unistd.h> 7.229 + #include <stdio.h> 7.230 + #include <syslog.h> 7.231 + #include <string.h> 7.232 +--- a/misc.c 7.233 ++++ b/misc.c 7.234 +@@ -14,11 +14,10 @@ 7.235 + #include <arpa/inet.h> 7.236 + #include <stdio.h> 7.237 + #include <string.h> 7.238 ++#include <stdlib.h> 7.239 + 7.240 + #include "tcpd.h" 7.241 + 7.242 +-extern char *fgets(); 7.243 +- 7.244 + #ifndef INADDR_NONE 7.245 + #define INADDR_NONE (-1) /* XXX should be 0xffffffff */ 7.246 + #endif 7.247 +--- a/fix_options.c 7.248 ++++ b/fix_options.c 7.249 +@@ -32,6 +32,7 @@ 7.250 + 7.251 + /* fix_options - get rid of IP-level socket options */ 7.252 + 7.253 ++void 7.254 + fix_options(request) 7.255 + struct request_info *request; 7.256 + { 7.257 +@@ -38,11 +38,8 @@ 7.258 + #ifdef IP_OPTIONS 7.259 + unsigned char optbuf[BUFFER_SIZE / 3], *cp; 7.260 + char lbuf[BUFFER_SIZE], *lp; 7.261 +-#ifdef __GLIBC__ 7.262 +- size_t optsize = sizeof(optbuf), ipproto; 7.263 +-#else 7.264 +- int optsize = sizeof(optbuf), ipproto; 7.265 +-#endif 7.266 ++ socklen_t optsize = sizeof(optbuf); 7.267 ++ int ipproto; 7.268 + struct protoent *ip; 7.269 + int fd = request->fd; 7.270 + unsigned int opt; 7.271 +--- a/socket.c 7.272 ++++ b/socket.c 7.273 +@@ -95,11 +95,7 @@ 7.274 + static struct sockaddr_in client; 7.275 + static struct sockaddr_in server; 7.276 + #endif 7.277 +-#ifdef __GLIBC__ 7.278 +- size_t len; 7.279 +-#else 7.280 +- int len; 7.281 +-#endif 7.282 ++ socklen_t len; 7.283 + char buf[BUFSIZ]; 7.284 + int fd = request->fd; 7.285 + 7.286 +@@ -430,11 +426,7 @@ 7.287 + #else 7.288 + struct sockaddr_in sin; 7.289 + #endif 7.290 +-#ifdef __GLIBC__ 7.291 +- size_t size = sizeof(sin); 7.292 +-#else 7.293 +- int size = sizeof(sin); 7.294 +-#endif 7.295 ++ socklen_t size; 7.296 + 7.297 + /* 7.298 + * Eat up the not-yet received datagram. Some systems insist on a 7.299 +
8.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 8.2 +++ b/libwrap/stuff/tcp-wrappers-redhat-bug11881.patch Sat Jul 07 14:25:00 2018 +0300 8.3 @@ -0,0 +1,36 @@ 8.4 +--- tcp_wrappers_7.6/tcpd.c.bug11881 8.5 ++++ tcp_wrappers_7.6/tcpd.c 8.6 +@@ -60,10 +60,10 @@ 8.7 + */ 8.8 + 8.9 + if (argv[0][0] == '/') { 8.10 +- strcpy(path, argv[0]); 8.11 ++ strncpy(path, argv[0], sizeof(path)); 8.12 + argv[0] = strrchr(argv[0], '/') + 1; 8.13 + } else { 8.14 +- sprintf(path, "%s/%s", REAL_DAEMON_DIR, argv[0]); 8.15 ++ snprintf(path, sizeof(path), "%s/%s", REAL_DAEMON_DIR, argv[0]); 8.16 + } 8.17 + 8.18 + /* 8.19 +--- tcp_wrappers_7.6/eval.c.bug11881 8.20 ++++ tcp_wrappers_7.6/eval.c 8.21 +@@ -111,7 +111,7 @@ 8.22 + return (hostinfo); 8.23 + #endif 8.24 + if (STR_NE(eval_user(request), unknown)) { 8.25 +- sprintf(both, "%s@%s", request->user, hostinfo); 8.26 ++ snprintf(both, sizeof(both), "%s@%s", request->user, hostinfo); 8.27 + return (both); 8.28 + } else { 8.29 + return (hostinfo); 8.30 +@@ -128,7 +128,7 @@ 8.31 + char *daemon = eval_daemon(request); 8.32 + 8.33 + if (STR_NE(host, unknown)) { 8.34 +- sprintf(both, "%s@%s", daemon, host); 8.35 ++ snprintf(both, sizeof(both), "%s@%s", daemon, host); 8.36 + return (both); 8.37 + } else { 8.38 + return (daemon); 8.39 +