Author: krejzi Date: 2012-08-01 06:04:22 -0600 (Wed, 01 Aug 2012) New Revision: 10486
Added: trunk/BOOK/archive/tcpwrappers.xml Removed: trunk/BOOK/postlfs/security/tcpwrappers.xml Modified: trunk/BOOK/general.ent trunk/BOOK/gnome/core/gdm.xml trunk/BOOK/introduction/welcome/changelog.xml trunk/BOOK/multimedia/libdriv/esound.xml trunk/BOOK/multimedia/videoutils/vlc.xml trunk/BOOK/networking/netprogs/nfs-utils.xml trunk/BOOK/networking/netprogs/rpcbind.xml trunk/BOOK/postlfs/security/openssh.xml trunk/BOOK/postlfs/security/security.xml trunk/BOOK/postlfs/security/stunnel.xml trunk/BOOK/pst/printing/cups.xml trunk/BOOK/pst/printing/lprng.xml trunk/BOOK/pst/scanning/sane.xml trunk/BOOK/server/databases/mysql.xml trunk/BOOK/server/mail/exim.xml trunk/BOOK/server/mail/sendmail.xml trunk/BOOK/server/major/vsftpd.xml trunk/BOOK/server/other/openldap.xml trunk/BOOK/xsoft/other/inkscape.xml Log: Removed TCP Wrappers. Inkscape 0.48.3.1 and VLC 2.0.3. Copied: trunk/BOOK/archive/tcpwrappers.xml (from rev 10485, trunk/BOOK/postlfs/security/tcpwrappers.xml) =================================================================== --- trunk/BOOK/archive/tcpwrappers.xml (rev 0) +++ trunk/BOOK/archive/tcpwrappers.xml 2012-08-01 12:04:22 UTC (rev 10486) @@ -0,0 +1,248 @@ +<?xml version="1.0" encoding="ISO-8859-1"?> +<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" + "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"; [ + <!ENTITY % general-entities SYSTEM "../../general.ent"> + %general-entities; + + <!ENTITY tcpwrappers-download-http " "> + <!ENTITY tcpwrappers-download-ftp "ftp://ftp.porcupine.org/pub/security/tcp_wrappers_&tcpwrappers-version;.tar.gz";> + <!ENTITY tcpwrappers-md5sum "e6fa25f71226d090f34de3f6b122fb5a"> + <!ENTITY tcpwrappers-size "97 KB"> + <!ENTITY tcpwrappers-buildsize "1.09 MB"> + <!ENTITY tcpwrappers-time "less than 0.1 SBU"> +]> + +<sect1 id="tcpwrappers" xreflabel="TCP Wrappers-&tcpwrappers-version;"> + <?dbhtml filename="tcpwrappers.html"?> + + <sect1info> + <othername>$LastChangedBy$</othername> + <date>$Date$</date> + </sect1info> + + <title>TCP Wrappers-&tcpwrappers-version;</title> + + <indexterm zone="tcpwrappers"> + <primary sortas="a-TCP Wrapper">TCP Wrapper</primary> + </indexterm> + + <sect2 role="package"> + <title>Introduction to TCP Wrappers</title> + + <para>The <application>TCP Wrapper</application> package provides daemon + wrapper programs that report the name of the client requesting network + services and the requested service. This capability is obsolete in + a modern environment, but several applications still use the library + and associated configuration files.</para> + + &lfs70_checked; + + <bridgehead renderas="sect3">Package Information</bridgehead> + <itemizedlist spacing="compact"> + <listitem> + <para>Download (HTTP): <ulink url="&tcpwrappers-download-http;"/></para> + </listitem> + <listitem> + <para>Download (FTP): <ulink url="&tcpwrappers-download-ftp;"/></para> + </listitem> + <listitem> + <para>Download MD5 sum: &tcpwrappers-md5sum;</para> + </listitem> + <listitem> + <para>Download size: &tcpwrappers-size;</para> + </listitem> + <listitem> + <para>Estimated disk space required: &tcpwrappers-buildsize;</para> + </listitem> + <listitem> + <para>Estimated build time: &tcpwrappers-time;</para> + </listitem> + </itemizedlist> + + <bridgehead renderas="sect3">Additional Downloads</bridgehead> + <itemizedlist spacing='compact'> + <listitem> + <para>Required Patch (Fixes some build issues and adds building a + shared library): <ulink + url="&patch-root;/tcp_wrappers-&tcpwrappers-version;-shared_lib_plus_plus-1.patch"/></para> + </listitem> + </itemizedlist> + + <para condition="html" role="usernotes">User Notes: + <ulink url="&blfs-wiki;/tcpwrappers"/></para> + + </sect2> + + <sect2 role="installation"> + <title>Installation of TCP Wrappers</title> + + <para>Install <application>TCP Wrapper</application> with the following + commands:</para> + +<screen><userinput>patch -Np1 -i ../tcp_wrappers-&tcpwrappers-version;-shared_lib_plus_plus-1.patch && +sed -i -e "s,^extern char \*malloc();,/* & */," scaffold.c && +make REAL_DAEMON_DIR=/usr/sbin STYLE=-DPROCESS_OPTIONS linux</userinput></screen> + + <para>This package does not come with a test suite.</para> + + <para>Now, as the <systemitem class="username">root</systemitem> user:</para> + +<screen role="root"><userinput>make install</userinput></screen> + + </sect2> + + <sect2 role="commands"> + <title>Command Explanations</title> + + <para><command>sed -i -e ... scaffold.c</command>: This command removes an + obsolete C declaration which causes the build to fail if using + <application>GCC >= 3.4.x</application>.</para> + + </sect2> + + <sect2 role="configuration"> + <title>Configuring TCP Wrappers</title> + + <sect3 id="tcpwrappers-config"> + <title>Config Files</title> + + <para><filename>/etc/hosts.allow</filename> and + <filename>/etc/hosts.deny</filename></para> + + <indexterm zone="tcpwrappers tcpwrappers-config"> + <primary sortas="e-etc-hosts.allow">/etc/hosts.allow</primary> + </indexterm> + + <indexterm zone="tcpwrappers tcpwrappers-config"> + <primary sortas="e-etc-hosts.deny">/etc/hosts.deny</primary> + </indexterm> +<!-- + <para>File protections: the wrapper, all files used by the wrapper, + and all directories in the path leading to those files, should be + accessible but not writable for unprivileged users (mode 755 or mode + 555). Do not install the wrapper set-uid.</para> + + <para>As the <systemitem class="username">root</systemitem> user, + perform the following edits on the + <filename>/etc/inetd.conf</filename> configuration file:</para> + + <indexterm zone="tcpwrappers tcpwrappers-config"> + <primary sortas="e-etc-inetd.conf">/etc/inetd.conf</primary> + </indexterm> + +<screen><literal>finger stream tcp nowait nobody /usr/sbin/in.fingerd in.fingerd</literal></screen> + + <para>becomes:</para> + +<screen><literal>finger stream tcp nowait nobody /usr/sbin/tcpd in.fingerd</literal></screen> + + <note> + <para>The <command>finger</command> server is used as an example here.</para> + </note> + + <para>Similar changes must be made if <application>xinetd</application> is + used, with the emphasis being on calling <command>/usr/sbin/tcpd</command> + instead of calling the service daemon directly, and passing the name of the + service daemon to <command>tcpd</command>.</para> + + <indexterm zone="tcpwrappers tcpwrappers-config"> + <primary sortas="e-etc-xinetd.conf">/etc/xinetd.conf</primary> + </indexterm> +--> + </sect3> + + </sect2> + + <sect2 role="content"> + <title>Contents</title> + + <segmentedlist> + <segtitle>Installed Programs</segtitle> + <segtitle>Installed Library</segtitle> + <segtitle>Installed Directories</segtitle> + + <seglistitem> + <seg>tcpd, tcpdchk, tcpdmatch, try-from, and safe_finger</seg> + <seg>libwrap.{so,a}</seg> + <seg>None</seg> + </seglistitem> + </segmentedlist> + + <variablelist> + <bridgehead renderas="sect3">Short Descriptions</bridgehead> + <?dbfo list-presentation="list"?> + <?dbhtml list-presentation="table"?> + + <varlistentry id="tcpd"> + <term><command>tcpd</command></term> + <listitem> + <para>is the main access control daemon for all Internet services, + which <command>inetd</command> or <command>xinetd</command> + will run instead of running the requested service daemon.</para> + <indexterm zone="tcpwrappers tcpd"> + <primary sortas="b-tcpd">tcpd</primary> + </indexterm> + </listitem> + </varlistentry> + + <varlistentry id="tcpdchk"> + <term><command>tcpdchk</command></term> + <listitem> + <para>is a tool to examine a <command>tcpd</command> wrapper + configuration and report problems with it.</para> + <indexterm zone="tcpwrappers tcpdchk"> + <primary sortas="b-tcpdchk">tcpdchk</primary> + </indexterm> + </listitem> + </varlistentry> + + <varlistentry id="tcpdmatch"> + <term><command>tcpdmatch</command></term> + <listitem> + <para>is used to predict how the TCP wrapper + would handle a specific request for a service.</para> + <indexterm zone="tcpwrappers tcpdmatch"> + <primary sortas="b-tcpdmatch">tcpdmatch</primary> + </indexterm> + </listitem> + </varlistentry> + + <varlistentry id="try-from"> + <term><command>try-from</command></term> + <listitem> + <para>can be called via a remote shell command to find out if the + host name and address are properly recognized.</para> + <indexterm zone="tcpwrappers try-from"> + <primary sortas="b-try-from">try-from</primary> + </indexterm> + </listitem> + </varlistentry> + + <varlistentry id="safe_finger"> + <term><command>safe_finger</command></term> + <listitem> + <para>is a wrapper for the <command>finger</command> utility, to + provide automatic reverse name lookups.</para> + <indexterm zone="tcpwrappers safe_finger"> + <primary sortas="b-safe_finger">safe_finger</primary> + </indexterm> + </listitem> + </varlistentry> + + <varlistentry id="libwrap"> + <term><filename class='libraryfile'>libwrap.{so,a}</filename></term> + <listitem> + <para>contains the API functions required by + the <application>TCP Wrapper</application> programs as well as other programs + to become <quote><application>TCP Wrapper</application>-aware</quote>.</para> + <indexterm zone="tcpwrappers libwrap"> + <primary sortas="c-libwrap">libwrap.{so,a}</primary> + </indexterm> + </listitem> + </varlistentry> + + </variablelist> + + </sect2> + +</sect1> Modified: trunk/BOOK/general.ent =================================================================== --- trunk/BOOK/general.ent 2012-08-01 01:32:04 UTC (rev 10485) +++ trunk/BOOK/general.ent 2012-08-01 12:04:22 UTC (rev 10486) @@ -3,13 +3,13 @@ $Date$ --> -<!ENTITY day "31"> <!-- Always 2 digits --> -<!ENTITY month "07"> <!-- Always 2 digits --> +<!ENTITY day "01"> <!-- Always 2 digits --> +<!ENTITY month "08"> <!-- Always 2 digits --> <!ENTITY year "2012"> <!ENTITY copyrightdate "2001-&year;"> <!ENTITY copyholder "The BLFS Development Team"> <!ENTITY version "&year;-&month;-&day;"> -<!ENTITY releasedate "July 31st, &year;"> +<!ENTITY releasedate "August 1st, &year;"> <!-- <!ENTITY releasedate "November &day;st, &year;"> --> <!ENTITY pubdate "&year;-&month;-&day;"> <!-- metadata req. by TLDP --> <!ENTITY blfs-version "svn"> <!-- svn|[release #] --> @@ -175,11 +175,11 @@ <!ENTITY shadow-version "4.1.5.1"> <!ENTITY stunnel-version "4.52"> <!ENTITY sudo-version "1.8.5p2"> -<!ENTITY tcpwrappers-version "7.6"> <!ENTITY tripwire-version "2.4.2.2"> <!-- Removed <!ENTITY heimdal-version "1.4"> +<!ENTITY tcpwrappers-version "7.6"> --> <!-- Chapter 5 --> @@ -1020,7 +1020,7 @@ <!ENTITY gnash-version "0.8.10"> <!ENTITY gimp-version "2.8.0"> <!ENTITY icedtea-web-version "1.2"> -<!ENTITY inkscape-version "0.48.2"> +<!ENTITY inkscape-version "0.48.3.1"> <!ENTITY pan-version "0.133"> <!ENTITY pidgin-version "2.10.6"> <!ENTITY rox-filer-version "2.10"> @@ -1113,7 +1113,7 @@ <!ENTITY mplayer-version "1.1"> <!ENTITY xine-ui-version "0.99.7"> <!ENTITY transcode-version "1.1.7"> -<!ENTITY vlc-version "2.0.2"> +<!ENTITY vlc-version "2.0.3"> <!-- Removed <!ENTITY avifile-version "0.7.45"> Modified: trunk/BOOK/gnome/core/gdm.xml =================================================================== --- trunk/BOOK/gnome/core/gdm.xml 2012-08-01 01:32:04 UTC (rev 10485) +++ trunk/BOOK/gnome/core/gdm.xml 2012-08-01 12:04:22 UTC (rev 10486) @@ -120,8 +120,7 @@ <bridgehead renderas="sect4">Optional</bridgehead> <para role="optional"> - <xref linkend="check"/> (required to run the testsuite) and - <xref linkend="tcpwrappers"/> + <xref linkend="check"/> (required to run the testsuite) </para> <para condition="html" role="usernotes">User Notes: Modified: trunk/BOOK/introduction/welcome/changelog.xml =================================================================== --- trunk/BOOK/introduction/welcome/changelog.xml 2012-08-01 01:32:04 UTC (rev 10485) +++ trunk/BOOK/introduction/welcome/changelog.xml 2012-08-01 12:04:22 UTC (rev 10486) @@ -47,6 +47,21 @@ <para>July 31st, 2012</para> <itemizedlist> <listitem> + <para>[krejzi] - Inkscape 0.48.3.1.</para> + </listitem> + <listitem> + <para>[krejzi] - VLC 2.0.3.</para> + </listitem> + <listitem> + <para>[krejzi] - Removed TCP Wrappers.</para> + </listitem> + </itemizedlist> + </listitem> + + <listitem> + <para>July 31st, 2012</para> + <itemizedlist> + <listitem> <para>[krejzi] - Bluefish 2.2.3.</para> </listitem> <listitem> Modified: trunk/BOOK/multimedia/libdriv/esound.xml =================================================================== --- trunk/BOOK/multimedia/libdriv/esound.xml 2012-08-01 01:32:04 UTC (rev 10485) +++ trunk/BOOK/multimedia/libdriv/esound.xml 2012-08-01 12:04:22 UTC (rev 10486) @@ -63,9 +63,7 @@ <para role="required"><xref linkend="audiofile"/></para> <bridgehead renderas="sect4">Optional</bridgehead> - <para role="optional"><xref linkend="alsa-lib"/>, - <!-- <xref linkend="arts"/>, --> - <xref linkend="tcpwrappers"/>, and + <para role="optional"><xref linkend="alsa-lib"/> and <xref linkend="docbook-utils"/> (Required for building the html documentation)</para> <para condition="html" role="usernotes">User Notes: Modified: trunk/BOOK/multimedia/videoutils/vlc.xml =================================================================== --- trunk/BOOK/multimedia/videoutils/vlc.xml 2012-08-01 01:32:04 UTC (rev 10485) +++ trunk/BOOK/multimedia/videoutils/vlc.xml 2012-08-01 12:04:22 UTC (rev 10486) @@ -5,13 +5,13 @@ %general-entities; <!ENTITY vlc-download-http - "http://download.videolan.org/pub/videolan/vlc/&vlc-version;/vlc-&vlc-version;.tar.xz";> + "http://download.videolan.org/pub/videolan/vlc/&vlc-version;/vlc-&vlc-version;.tar.xz";> <!ENTITY vlc-download-ftp - "ftp://ftp.videolan.org/pub/videolan/vlc/&vlc-version;/vlc-&vlc-version;.tar.xz";> - <!ENTITY vlc-md5sum "93e729cc970a4535b3213dbef0e69528"> - <!ENTITY vlc-size "17 MB"> - <!ENTITY vlc-buildsize "432 MB"> - <!ENTITY vlc-time "2.5 SBU"> + "ftp://ftp.videolan.org/pub/videolan/vlc/&vlc-version;/vlc-&vlc-version;.tar.xz";> + <!ENTITY vlc-md5sum "a7e79565e3df07dcf9abc6cad3ac26bb"> + <!ENTITY vlc-size "18 MB"> + <!ENTITY vlc-buildsize "500 MB"> + <!ENTITY vlc-time "4.0 SBU"> ]> <sect1 id="vlc" xreflabel="VLC-&vlc-version;"> Modified: trunk/BOOK/networking/netprogs/nfs-utils.xml =================================================================== --- trunk/BOOK/networking/netprogs/nfs-utils.xml 2012-08-01 01:32:04 UTC (rev 10485) +++ trunk/BOOK/networking/netprogs/nfs-utils.xml 2012-08-01 12:04:22 UTC (rev 10486) @@ -70,11 +70,6 @@ <xref linkend="rpcbind"/> (Runtime dependency) </para> - <bridgehead renderas="sect4">Optional</bridgehead> - <para role="optional"> - <xref linkend="tcpwrappers"/> - </para> - <bridgehead renderas="sect4">Optional for NFSv4 Support</bridgehead> <para role="optional"> <xref linkend="libevent"/> and @@ -182,7 +177,7 @@ RPCSEC GSS (RPC Security).</para> <para><parameter>--without-tcp-wrappers</parameter>: This option is - only needed if the optional <xref linkend="tcpwrappers"/> is not installed.</para> + needed because TCP Wrappers is not in BLFS.</para> </sect2> @@ -239,17 +234,6 @@ </sect4> - <sect4 id="nfs-utils-server-wrappers-support"> - <title>tcpwrappers Configuration</title> - - <para>If you have <xref linkend="tcpwrappers"/> installed and there - is a restrictive <filename>/etc/hosts.deny</filename> file, ensure you - have an entry in the <filename>/etc/hosts.allow</filename> file for access - from the rpcbind daemon. See the man page in section 5 for hosts_access for - details on creating appropriate rules.</para> - - </sect4> - </sect3> <sect3 id='nfs-utils-client-config'> Modified: trunk/BOOK/networking/netprogs/rpcbind.xml =================================================================== --- trunk/BOOK/networking/netprogs/rpcbind.xml 2012-08-01 01:32:04 UTC (rev 10485) +++ trunk/BOOK/networking/netprogs/rpcbind.xml 2012-08-01 12:04:22 UTC (rev 10486) @@ -64,11 +64,6 @@ <xref linkend="libtirpc"/> </para> - <bridgehead renderas="sect4">Optional</bridgehead> - <para role="required"> - <xref linkend="tcpwrappers"/> - </para> - <para condition="html" role="usernotes">User Notes: <ulink url="&blfs-wiki;/rpcbind"/></para> @@ -112,13 +107,6 @@ <screen role="root"><userinput>make install-rpcbind</userinput></screen> - - <note><para>If you build <application>rpcbind</application> with - <xref linkend="tcpwrappers"/>, be sure to allow it in - <filename>/etc/hosts.allow</filename>. For example:</para> - -<screen><userinput>rpcbind: 127.0.0.1</userinput></screen></note> - </sect3> </sect2> Modified: trunk/BOOK/postlfs/security/openssh.xml =================================================================== --- trunk/BOOK/postlfs/security/openssh.xml 2012-08-01 01:32:04 UTC (rev 10485) +++ trunk/BOOK/postlfs/security/openssh.xml 2012-08-01 12:04:22 UTC (rev 10486) @@ -84,7 +84,6 @@ <bridgehead renderas="sect4">Optional</bridgehead> <para role="optional"> <xref linkend="linux-pam"/>, - <xref linkend="tcpwrappers"/>, <xref linkend="x-window-system"/>, <xref linkend="mitkrb"/>, <ulink url="http://www.thrysoee.dk/editline/";>libedit</ulink> @@ -95,7 +94,7 @@ <bridgehead renderas="sect4">Optional Runtime (Used only to gather entropy)</bridgehead> <para role="optional"> - <xref linkend="openjdk"/><!-- or <xref linkend="jdk"/>-->, + <xref linkend="openjdk"/>, <xref linkend="net-tools"/> and <xref linkend="sysstat"/>. </para> @@ -124,17 +123,6 @@ -s /bin/false -u 50 sshd</userinput></screen> <para> - <application>OpenSSH</application> is very sensitive to changes in the - linked <application>OpenSSL</application> libraries. If you recompile - <application>OpenSSL</application>, <application>OpenSSH</application> may - fail to start up. An alternative is to link against the static - <application>OpenSSL</application> library. To link against the static - library, execute the following command: - </para> - -<screen><userinput>sed -i 's@-lcrypto@/usr/lib/libcrypto.a -ldl@' configure</userinput></screen> - - <para> Install <application>OpenSSH</application> by running the following commands: </para> @@ -148,15 +136,11 @@ make</userinput></screen> <para> - If you linked <application>tcp_wrappers</application> into the build using - the <option>--with-tcp-wrappers</option> parameter, ensure you add - 127.0.0.1 to the sshd line in <filename>/etc/hosts.allow</filename> if you - have a restrictive <filename>/etc/hosts.deny</filename> file, or the test - suite will fail. Additionally, the testsuite requires an installed copy of - <command>scp</command> to complete the multiplexing tests. To run the test - suite, first copy the scp program to - <filename class="directory">/usr/bin</filename>, making sure that you back - up any existing copy first. + The testsuite requires an installed copy of <command>scp</command> to + complete the multiplexing tests. To run the test suite, first copy the + <command>scp</command> program to + <filename class="directory">/usr/bin</filename>, making sure that you + back up any existing copy first. </para> <para> Modified: trunk/BOOK/postlfs/security/security.xml =================================================================== --- trunk/BOOK/postlfs/security/security.xml 2012-08-01 01:32:04 UTC (rev 10485) +++ trunk/BOOK/postlfs/security/security.xml 2012-08-01 12:04:22 UTC (rev 10486) @@ -67,7 +67,6 @@ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"; href="shadow.xml"/> <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"; href="stunnel.xml"/> <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"; href="sudo.xml"/> - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"; href="tcpwrappers.xml"/> <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"; href="tripwire.xml"/> </chapter> Modified: trunk/BOOK/postlfs/security/stunnel.xml =================================================================== --- trunk/BOOK/postlfs/security/stunnel.xml 2012-08-01 01:32:04 UTC (rev 10485) +++ trunk/BOOK/postlfs/security/stunnel.xml 2012-08-01 12:04:22 UTC (rev 10486) @@ -75,9 +75,6 @@ <bridgehead renderas="sect4">Required</bridgehead> <para role="required"><xref linkend="openssl"/></para> - <bridgehead renderas="sect4">Optional</bridgehead> - <para role="optional"><xref linkend="tcpwrappers"/></para> - <para condition="html" role="usernotes">User Notes: <ulink url="&blfs-wiki;/stunnel"/></para> Deleted: trunk/BOOK/postlfs/security/tcpwrappers.xml =================================================================== --- trunk/BOOK/postlfs/security/tcpwrappers.xml 2012-08-01 01:32:04 UTC (rev 10485) +++ trunk/BOOK/postlfs/security/tcpwrappers.xml 2012-08-01 12:04:22 UTC (rev 10486) @@ -1,248 +0,0 @@ -<?xml version="1.0" encoding="ISO-8859-1"?> -<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" - "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"; [ - <!ENTITY % general-entities SYSTEM "../../general.ent"> - %general-entities; - - <!ENTITY tcpwrappers-download-http " "> - <!ENTITY tcpwrappers-download-ftp "ftp://ftp.porcupine.org/pub/security/tcp_wrappers_&tcpwrappers-version;.tar.gz";> - <!ENTITY tcpwrappers-md5sum "e6fa25f71226d090f34de3f6b122fb5a"> - <!ENTITY tcpwrappers-size "97 KB"> - <!ENTITY tcpwrappers-buildsize "1.09 MB"> - <!ENTITY tcpwrappers-time "less than 0.1 SBU"> -]> - -<sect1 id="tcpwrappers" xreflabel="TCP Wrappers-&tcpwrappers-version;"> - <?dbhtml filename="tcpwrappers.html"?> - - <sect1info> - <othername>$LastChangedBy$</othername> - <date>$Date$</date> - </sect1info> - - <title>TCP Wrappers-&tcpwrappers-version;</title> - - <indexterm zone="tcpwrappers"> - <primary sortas="a-TCP Wrapper">TCP Wrapper</primary> - </indexterm> - - <sect2 role="package"> - <title>Introduction to TCP Wrappers</title> - - <para>The <application>TCP Wrapper</application> package provides daemon - wrapper programs that report the name of the client requesting network - services and the requested service. This capability is obsolete in - a modern environment, but several applications still use the library - and associated configuration files.</para> - - &lfs70_checked; - - <bridgehead renderas="sect3">Package Information</bridgehead> - <itemizedlist spacing="compact"> - <listitem> - <para>Download (HTTP): <ulink url="&tcpwrappers-download-http;"/></para> - </listitem> - <listitem> - <para>Download (FTP): <ulink url="&tcpwrappers-download-ftp;"/></para> - </listitem> - <listitem> - <para>Download MD5 sum: &tcpwrappers-md5sum;</para> - </listitem> - <listitem> - <para>Download size: &tcpwrappers-size;</para> - </listitem> - <listitem> - <para>Estimated disk space required: &tcpwrappers-buildsize;</para> - </listitem> - <listitem> - <para>Estimated build time: &tcpwrappers-time;</para> - </listitem> - </itemizedlist> - - <bridgehead renderas="sect3">Additional Downloads</bridgehead> - <itemizedlist spacing='compact'> - <listitem> - <para>Required Patch (Fixes some build issues and adds building a - shared library): <ulink - url="&patch-root;/tcp_wrappers-&tcpwrappers-version;-shared_lib_plus_plus-1.patch"/></para> - </listitem> - </itemizedlist> - - <para condition="html" role="usernotes">User Notes: - <ulink url="&blfs-wiki;/tcpwrappers"/></para> - - </sect2> - - <sect2 role="installation"> - <title>Installation of TCP Wrappers</title> - - <para>Install <application>TCP Wrapper</application> with the following - commands:</para> - -<screen><userinput>patch -Np1 -i ../tcp_wrappers-&tcpwrappers-version;-shared_lib_plus_plus-1.patch && -sed -i -e "s,^extern char \*malloc();,/* & */," scaffold.c && -make REAL_DAEMON_DIR=/usr/sbin STYLE=-DPROCESS_OPTIONS linux</userinput></screen> - - <para>This package does not come with a test suite.</para> - - <para>Now, as the <systemitem class="username">root</systemitem> user:</para> - -<screen role="root"><userinput>make install</userinput></screen> - - </sect2> - - <sect2 role="commands"> - <title>Command Explanations</title> - - <para><command>sed -i -e ... scaffold.c</command>: This command removes an - obsolete C declaration which causes the build to fail if using - <application>GCC >= 3.4.x</application>.</para> - - </sect2> - - <sect2 role="configuration"> - <title>Configuring TCP Wrappers</title> - - <sect3 id="tcpwrappers-config"> - <title>Config Files</title> - - <para><filename>/etc/hosts.allow</filename> and - <filename>/etc/hosts.deny</filename></para> - - <indexterm zone="tcpwrappers tcpwrappers-config"> - <primary sortas="e-etc-hosts.allow">/etc/hosts.allow</primary> - </indexterm> - - <indexterm zone="tcpwrappers tcpwrappers-config"> - <primary sortas="e-etc-hosts.deny">/etc/hosts.deny</primary> - </indexterm> -<!-- - <para>File protections: the wrapper, all files used by the wrapper, - and all directories in the path leading to those files, should be - accessible but not writable for unprivileged users (mode 755 or mode - 555). Do not install the wrapper set-uid.</para> - - <para>As the <systemitem class="username">root</systemitem> user, - perform the following edits on the - <filename>/etc/inetd.conf</filename> configuration file:</para> - - <indexterm zone="tcpwrappers tcpwrappers-config"> - <primary sortas="e-etc-inetd.conf">/etc/inetd.conf</primary> - </indexterm> - -<screen><literal>finger stream tcp nowait nobody /usr/sbin/in.fingerd in.fingerd</literal></screen> - - <para>becomes:</para> - -<screen><literal>finger stream tcp nowait nobody /usr/sbin/tcpd in.fingerd</literal></screen> - - <note> - <para>The <command>finger</command> server is used as an example here.</para> - </note> - - <para>Similar changes must be made if <application>xinetd</application> is - used, with the emphasis being on calling <command>/usr/sbin/tcpd</command> - instead of calling the service daemon directly, and passing the name of the - service daemon to <command>tcpd</command>.</para> - - <indexterm zone="tcpwrappers tcpwrappers-config"> - <primary sortas="e-etc-xinetd.conf">/etc/xinetd.conf</primary> - </indexterm> ---> - </sect3> - - </sect2> - - <sect2 role="content"> - <title>Contents</title> - - <segmentedlist> - <segtitle>Installed Programs</segtitle> - <segtitle>Installed Library</segtitle> - <segtitle>Installed Directories</segtitle> - - <seglistitem> - <seg>tcpd, tcpdchk, tcpdmatch, try-from, and safe_finger</seg> - <seg>libwrap.{so,a}</seg> - <seg>None</seg> - </seglistitem> - </segmentedlist> - - <variablelist> - <bridgehead renderas="sect3">Short Descriptions</bridgehead> - <?dbfo list-presentation="list"?> - <?dbhtml list-presentation="table"?> - - <varlistentry id="tcpd"> - <term><command>tcpd</command></term> - <listitem> - <para>is the main access control daemon for all Internet services, - which <command>inetd</command> or <command>xinetd</command> - will run instead of running the requested service daemon.</para> - <indexterm zone="tcpwrappers tcpd"> - <primary sortas="b-tcpd">tcpd</primary> - </indexterm> - </listitem> - </varlistentry> - - <varlistentry id="tcpdchk"> - <term><command>tcpdchk</command></term> - <listitem> - <para>is a tool to examine a <command>tcpd</command> wrapper - configuration and report problems with it.</para> - <indexterm zone="tcpwrappers tcpdchk"> - <primary sortas="b-tcpdchk">tcpdchk</primary> - </indexterm> - </listitem> - </varlistentry> - - <varlistentry id="tcpdmatch"> - <term><command>tcpdmatch</command></term> - <listitem> - <para>is used to predict how the TCP wrapper - would handle a specific request for a service.</para> - <indexterm zone="tcpwrappers tcpdmatch"> - <primary sortas="b-tcpdmatch">tcpdmatch</primary> - </indexterm> - </listitem> - </varlistentry> - - <varlistentry id="try-from"> - <term><command>try-from</command></term> - <listitem> - <para>can be called via a remote shell command to find out if the - host name and address are properly recognized.</para> - <indexterm zone="tcpwrappers try-from"> - <primary sortas="b-try-from">try-from</primary> - </indexterm> - </listitem> - </varlistentry> - - <varlistentry id="safe_finger"> - <term><command>safe_finger</command></term> - <listitem> - <para>is a wrapper for the <command>finger</command> utility, to - provide automatic reverse name lookups.</para> - <indexterm zone="tcpwrappers safe_finger"> - <primary sortas="b-safe_finger">safe_finger</primary> - </indexterm> - </listitem> - </varlistentry> - - <varlistentry id="libwrap"> - <term><filename class='libraryfile'>libwrap.{so,a}</filename></term> - <listitem> - <para>contains the API functions required by - the <application>TCP Wrapper</application> programs as well as other programs - to become <quote><application>TCP Wrapper</application>-aware</quote>.</para> - <indexterm zone="tcpwrappers libwrap"> - <primary sortas="c-libwrap">libwrap.{so,a}</primary> - </indexterm> - </listitem> - </varlistentry> - - </variablelist> - - </sect2> - -</sect1> Modified: trunk/BOOK/pst/printing/cups.xml =================================================================== --- trunk/BOOK/pst/printing/cups.xml 2012-08-01 01:32:04 UTC (rev 10485) +++ trunk/BOOK/pst/printing/cups.xml 2012-08-01 12:04:22 UTC (rev 10486) @@ -68,8 +68,7 @@ </para> <bridgehead renderas="sect4">Optional</bridgehead> - <para role="optional"><!-- <xref linkend="pkgconfig"/>, --> - <xref linkend="tcpwrappers"/>, + <para role="optional"> <xref linkend="dbus"/>, <xref linkend="libusb"/>, <xref linkend="acl"/>, @@ -80,11 +79,11 @@ <xref linkend="php"/>, <xref linkend="gs"/>, <xref linkend="python2"/>, - <xref linkend="openjdk"/><!-- or <xref linkend="jdk"/>-->, + <xref linkend="openjdk"/>, <ulink url="http://portland.freedesktop.org/wiki/";>Xdg-utils</ulink>, <ulink url="http://www.openslp.org/";>OpenSLP</ulink>, <ulink - url="http://packages.debian.org/unstable/source/libpaper";>libpaper</ulink>, + url="http://packages.debian.org/source/sid/libpaper";>libpaper</ulink>, <ulink url="http://www.easysw.com/htmldoc/";>HTMLDOC</ulink>, and <ulink url="http://valgrind.org/";>Valgrind</ulink> (optionally used if running the test suites) Modified: trunk/BOOK/pst/printing/lprng.xml =================================================================== --- trunk/BOOK/pst/printing/lprng.xml 2012-08-01 01:32:04 UTC (rev 10485) +++ trunk/BOOK/pst/printing/lprng.xml 2012-08-01 12:04:22 UTC (rev 10486) @@ -67,8 +67,7 @@ <bridgehead renderas="sect4">Optional</bridgehead> <para role="optional"><xref linkend="openssl"/>, - <xref linkend="tcpwrappers"/>, - <xref linkend="mitkrb"/>, and + <xref linkend="mitkrb"/> and <ulink url="http://www.pdc.kth.se/kth-krb/";>krb4</ulink></para> <para condition="html" role="usernotes">User Notes: Modified: trunk/BOOK/pst/scanning/sane.xml =================================================================== --- trunk/BOOK/pst/scanning/sane.xml 2012-08-01 01:32:04 UTC (rev 10485) +++ trunk/BOOK/pst/scanning/sane.xml 2012-08-01 12:04:22 UTC (rev 10486) @@ -277,8 +277,8 @@ <title>Configuration and setup of the 'saned' daemon</title> <para>The <command>saned</command> daemon is not meant to be used for - untrusted clients. You should provide <xref linkend="tcpwrappers"/> - and/or <xref linkend="fw-firewall"/> protection to ensure only trusted + untrusted clients. You should provide <xref linkend="fw-firewall"/> + protection to ensure only trusted clients access the daemon. Due to the complex security requirements to ensure only trusted clients access the daemon, BLFS does not provide instructions to configure the <command>saned</command> daemon. If you Modified: trunk/BOOK/server/databases/mysql.xml =================================================================== --- trunk/BOOK/server/databases/mysql.xml 2012-08-01 01:32:04 UTC (rev 10485) +++ trunk/BOOK/server/databases/mysql.xml 2012-08-01 12:04:22 UTC (rev 10486) @@ -88,8 +88,9 @@ <para role="optional"><xref linkend="openssl"/></para> <bridgehead renderas="sect4">Optional</bridgehead> - <para role="optional"><xref linkend="tcpwrappers"/> and - <ulink url="http://packages.debian.org/squeeze/libaio-dev";>libaio</ulink></para> + <para role="optional"> + <ulink url="http://packages.debian.org/source/sid/libaio";>libaio</ulink> + </para> <para condition="html" role="usernotes">User Notes: <ulink url="&blfs-wiki;/mysql"/></para> Modified: trunk/BOOK/server/mail/exim.xml =================================================================== --- trunk/BOOK/server/mail/exim.xml 2012-08-01 01:32:04 UTC (rev 10485) +++ trunk/BOOK/server/mail/exim.xml 2012-08-01 12:04:22 UTC (rev 10486) @@ -90,8 +90,7 @@ <xref linkend="cyrus-sasl"/>, <xref linkend="mysql"/>, <xref linkend="postgresql"/>, - <xref linkend="sqlite"/>, - <xref linkend="tcpwrappers"/>, and + <xref linkend="sqlite"/> and <xref linkend="linux-pam"/> </para> Modified: trunk/BOOK/server/mail/sendmail.xml =================================================================== --- trunk/BOOK/server/mail/sendmail.xml 2012-08-01 01:32:04 UTC (rev 10485) +++ trunk/BOOK/server/mail/sendmail.xml 2012-08-01 12:04:22 UTC (rev 10486) @@ -66,7 +66,6 @@ <bridgehead renderas="sect4">Optional</bridgehead> <para role="optional"> <xref linkend="openssl"/>, - <xref linkend="tcpwrappers"/>, <xref linkend="cyrus-sasl"/>, <xref linkend="procmail"/>, <ulink url="http://www.feep.net/nph/";>nph</ulink>, and Modified: trunk/BOOK/server/major/vsftpd.xml =================================================================== --- trunk/BOOK/server/major/vsftpd.xml 2012-08-01 01:32:04 UTC (rev 10485) +++ trunk/BOOK/server/major/vsftpd.xml 2012-08-01 12:04:22 UTC (rev 10486) @@ -62,8 +62,7 @@ <bridgehead renderas="sect4">Optional</bridgehead> <para role="optional"> <xref linkend="linux-pam"/>, - <xref linkend="openssl"/>, - <xref linkend="tcpwrappers"/>, and + <xref linkend="openssl"/> and <xref linkend="libcap2"/> </para> Modified: trunk/BOOK/server/other/openldap.xml =================================================================== --- trunk/BOOK/server/other/openldap.xml 2012-08-01 01:32:04 UTC (rev 10485) +++ trunk/BOOK/server/other/openldap.xml 2012-08-01 12:04:22 UTC (rev 10486) @@ -107,14 +107,13 @@ <xref linkend="mysql"/> or <xref linkend="postgresql"/>, <ulink url="http://www.openslp.org/";>OpenSLP</ulink>, - <xref linkend="pth"/>, - <xref linkend="tcpwrappers"/> and + <xref linkend="pth"/> and <xref linkend="unixodbc"/> </para> <para condition="html" role="usernotes">User Notes: - <ulink url="&blfs-wiki;/openldap"/></para> - + <ulink url="&blfs-wiki;/openldap"/> + </para> </sect2> <sect2 role="installation"> @@ -177,11 +176,7 @@ make</userinput></screen> <para> - To test the results, issue: <command>make test</command>. If you've - enabled <application>tcp_wrappers</application>, ensure you add 127.0.0.1 - to the <parameter>slapd</parameter> line in the - <filename>/etc/hosts.allow</filename> file if you have a restrictive - <filename>/etc/hosts.deny</filename> file. + To test the results, issue: <command>make test</command>. </para> <para> @@ -265,12 +260,6 @@ SLPv2 support. Use this switch if you have installed <ulink url="http://www.openslp.org/";>OpenSLP</ulink>. </para> - - <para> - <option>--enable-wrappers</option>: This parameter enables - TCP Wrappers support. Use this switch if you have installed - <xref linkend="tcpwrappers"/>. - </para> <note> <para> @@ -288,10 +277,12 @@ <sect3 id="openldap-config"> <title>Config Files</title> - <para><filename>/etc/openldap/*</filename></para> + <para> + <filename>/etc/openldap/*</filename> + </para> <indexterm zone="openldap openldap-config"> - <primary sortas="e-etc-openldap">/etc/openldap/*</primary> + <primary sortas="e-etc-openldap">/etc/openldap/*</primary> </indexterm> </sect3> @@ -318,10 +309,12 @@ sortas="e-etc-openldap-ldap.conf">/etc/openldap/ldap.conf</primary> </indexterm> - <para>Resources to assist you with topics such as choosing a directory - configuration, backend and database definitions, access control settings, - running as a user other than <systemitem class="username">root</systemitem> - and setting a <command>chroot</command> environment include:</para> + <para> + Resources to assist you with topics such as choosing a directory + configuration, backend and database definitions, access control settings, + running as a user other than <systemitem class="username">root</systemitem> + and setting a <command>chroot</command> environment include: + </para> <itemizedlist spacing='compact'> <listitem> Modified: trunk/BOOK/xsoft/other/inkscape.xml =================================================================== --- trunk/BOOK/xsoft/other/inkscape.xml 2012-08-01 01:32:04 UTC (rev 10485) +++ trunk/BOOK/xsoft/other/inkscape.xml 2012-08-01 12:04:22 UTC (rev 10486) @@ -6,10 +6,10 @@ <!ENTITY inkscape-download-http "&sourceforge-repo;/inkscape/inkscape-&inkscape-version;.tar.bz2"> <!ENTITY inkscape-download-ftp " "> - <!ENTITY inkscape-md5sum "f60b98013bd1121b2cc301f3485076ba"> - <!ENTITY inkscape-size "18.7 MB"> - <!ENTITY inkscape-buildsize "1.9 GB"> - <!ENTITY inkscape-time "16 SBU"> + <!ENTITY inkscape-md5sum "f0fcc02088cc643634806064e7ab4ec3"> + <!ENTITY inkscape-size "19 MB"> + <!ENTITY inkscape-buildsize "1.5 GB"> + <!ENTITY inkscape-time "18 SBU"> ]> <sect1 id="inkscape" xreflabel="Inkscape-&inkscape-version;"> @@ -23,7 +23,7 @@ <title>Inkscape-&inkscape-version;</title> <indexterm zone="inkscape"> - <primary sortas="a-inkscape">Inkscape</primary> + <primary sortas="a-Inkscape">Inkscape</primary> </indexterm> <sect2 role="package"> @@ -75,10 +75,6 @@ <itemizedlist spacing="compact"> <listitem> <para> - Required patch: - <ulink url="&patch-root;/inkscape-&inkscape-version;_gcc-4.7-1.patch"/> - </para> - <para> Optional patch: <ulink url="&patch-root;/inkscape-&inkscape-version;-poppler-0.20-1.patch"/> </para> @@ -89,24 +85,26 @@ <bridgehead renderas="sect4">Required</bridgehead> <para role="required"> - <xref linkend="gtkmm2"/>, - <xref linkend="gc"/>, - <xref linkend="gsl"/>, <xref linkend="boost"/>, - <xref linkend="libpng"/> and - <xref linkend="intltool"/>. + <xref linkend="gc"/>, + <xref linkend="gsl"/> and + <xref linkend="gtkmm2"/> </para> + <bridgehead renderas="sect4">Recommended</bridgehead> + <para role="recommended"> + <xref linkend="lcms"/> + </para> + <bridgehead renderas="sect4">Optional</bridgehead> <para role="optional"> - <xref linkend="lcms"/>, - <xref linkend="poppler"/>, + <xref linkend="aspell"/>, + <xref linkend="doxygen"/>, <xref linkend="gnome-vfs"/>, <xref linkend="imagemagick"/>, - <xref linkend="popt"/>, - <xref linkend="doxygen"/>, - <xref linkend="aspell"/> and - <ulink url="http://libwpg.sourceforge.net/";>Libwpg</ulink>. + <ulink url="http://libwpg.sourceforge.net/";>libwpg</ulink>, + <xref linkend="poppler"/> and + <xref linkend="popt"/> </para> <para condition="html" role="usernotes"> @@ -122,54 +120,23 @@ compiling with Poppler 0.20: </para> -<screen><userinput>patch -p1 < ../inkscape-&inkscape-version;-poppler-0.20-1.patch</userinput></screen> +<screen><userinput>patch -Np1 -i ../inkscape-&inkscape-version;-poppler-0.20-1.patch</userinput></screen> <para> - Fix a bug that would otherwise prevent compiling with - <application>Libpng 1.5</application>: + Fix a bug that will prevent from compiling with + <application>libpng 1.5</application>: </para> <screen><userinput>sed -i 's/ptr->jmpbuf/jmpbuf(png_ptr)/' \ - src/{extension/internal/pdfinput/svg-builder,helper/png-write}.cpp</userinput></screen> + src/{extension/internal/pdfinput/svg-builder,helper/png-write}.cpp && +sed -i 's#if ( png_get_iCCP.*#if (0) {#' src/sp-image.cpp</userinput></screen> <para> - Fix a bug that would otherwise prevent compiling with - <application>Libpng 1.5.7</application> or greater: - </para> - -<screen><userinput>sed -i 's#if ( png_get_iCCP.*#if (0) {#' src/sp-image.cpp</userinput></screen> - - <para> - If you have <emphasis>not</emphasis> installed <xref linkend="lcms"/> fix - a bug that will otherwise break the build: - </para> - -<screen><userinput>sed -i '/<io\/sys.h>/d - /preferences.h/a#include "io/sys.h"' src/color-profile.cpp</userinput></screen> - - <para> - Fix a bug that would otherwise prevent compiling with - <application>Gcc 4.7</application>: - </para> - -<screen><userinput>patch -p1 < ../inkscape-&inkscape-version;_gcc-4.7-1.patch</userinput></screen> - - <para> - Fix many bugs that would otherwise prevent compiling with - <application>Glib 2.32</application> or greater: - </para> - -<screen><userinput>for thing in array convert dir error fileutils hash list macros main mem \ - messages quark slist strfuncs string types urifuncs utils -do sed -i "/^#include /s#/g${thing}##" $(grep -rl "include .glib/g${thing}" .) -done</userinput></screen> - - <para> Install <application>Inkscape</application> by running the following commands: </para> -<screen><userinput>./configure --prefix=/usr --disable-lcms && +<screen><userinput>./configure --prefix=/usr && make</userinput></screen> <para> @@ -181,16 +148,7 @@ </para> <screen role="root"><userinput>make install</userinput></screen> - </sect2> - <sect2 role="commands"> - <title>Command Explanations</title> - - <para> - <option>--disable-lcms</option>: This is required if you've not installed - <xref linkend="lcms"/>. If you have installed - <application>Lcms</application> remove this option. - </para> </sect2> <sect2 role="content"> @@ -201,8 +159,12 @@ <segtitle>Installed Directory</segtitle> <seglistitem> - <seg>inkscape and inkview.</seg> - <seg>/usr/share/inkscape.</seg> + <seg> + inkscape and inkview + </seg> + <seg> + /usr/share/inkscape + </seg> </seglistitem> </segmentedlist> @@ -234,6 +196,9 @@ </indexterm> </listitem> </varlistentry> + </variablelist> + </sect2> + </sect1> -- http://linuxfromscratch.org/mailman/listinfo/blfs-book FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
