Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package tcpd for openSUSE:Factory checked in at 2022-10-18 12:44:08 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/tcpd (Old) and /work/SRC/openSUSE:Factory/.tcpd.new.2275 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tcpd" Tue Oct 18 12:44:08 2022 rev:35 rq:1010374 version:7.6 Changes: -------- --- /work/SRC/openSUSE:Factory/tcpd/tcpd.changes 2022-09-21 14:38:54.589168792 +0200 +++ /work/SRC/openSUSE:Factory/.tcpd.new.2275/tcpd.changes 2022-10-18 12:44:09.157607997 +0200 @@ -1,0 +2,6 @@ +Tue Oct 11 09:34:37 UTC 2022 - Danilo Spinella <danilo.spine...@suse.com> + +- Add hosts.allow and hosts.deny config files from the netcfg package, + as they are tcpd specific, bsc#1099755 + +------------------------------------------------------------------- New: ---- hosts.allow hosts.deny ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tcpd.spec ++++++ --- /var/tmp/diff_new_pack.ZB8cJX/_old 2022-10-18 12:44:09.961609828 +0200 +++ /var/tmp/diff_new_pack.ZB8cJX/_new 2022-10-18 12:44:09.965609837 +0200 @@ -27,6 +27,8 @@ URL: ftp://ftp.porcupine.org/pub/security/index.html Source: ftp://ftp.porcupine.org/pub/security/tcp_wrappers_%{version}.tar.gz Source2: baselibs.conf +Source3: hosts.allow +Source4: hosts.deny Patch0: tcp_wrappers_%{version}.diff Patch1: tcp_wrappers_%{version}-ipv6-1.6.diff Patch2: tcp_wrappers_%{version}-ipv6-fix.diff @@ -155,6 +157,10 @@ install -m 644 shared/libwrap.so.0.%{version} %{buildroot}/%{_libdir} ln -sf libwrap.so.0.%{version} %{buildroot}/%{_libdir}/libwrap.so.0 ln -sf libwrap.so.0.%{version} %{buildroot}/%{_libdir}/libwrap.so +mkdir -p %{buildroot}%{_sysconfdir} +for i in hosts.allow hosts.deny; do + install $RPM_SOURCE_DIR/$i %{buildroot}/%{_sysconfdir} +done %post -n %{lname} -p /sbin/ldconfig @@ -170,6 +176,8 @@ %defattr(-,root,root) %doc DISCLAIMER %attr(755,root,root) %{_libdir}/libwrap.so.0* +%verify(not md5 size mtime) %config(noreplace) %{_sysconfdir}/hosts.allow +%verify(not md5 size mtime) %config(noreplace) %{_sysconfdir}/hosts.deny %files devel %defattr(644,root,root,755) ++++++ hosts.allow ++++++ # /etc/hosts.allow # Make sure package tcpd is installed on your system for this to work. # See 'man tcpd' and 'man 5 hosts_access' for a detailed description # of /etc/hosts.allow and /etc/hosts.deny. # # short overview about daemons and servers that are built with # tcp_wrappers support: # # package name | daemon path | token # ---------------------------------------------------------------------------- # ssh, openssh | /usr/sbin/sshd | sshd, sshd-fwd-x11, sshd-fwd-<port> # quota | /usr/sbin/rpc.rquotad | rquotad # tftpd | /usr/sbin/in.tftpd | in.tftpd # portmap | /sbin/portmap | portmap # The portmapper does not verify against hostnames # to prevent hangs. It only checks non-local addresses. # # (kernel nfs server) # nfs-utils | /usr/sbin/rpc.mountd | mountd # nfs-utils | /sbin/rpc.statd | statd # # (unfsd, userspace nfs server) # nfs-server | /usr/sbin/rpc.mountd | rpc.mountd # nfs-server | /usr/sbin/rpc.ugidd | rpc.ugidd # # (printing services) # lprng | /usr/sbin/lpd | lpd # cups | /usr/sbin/cupsd | cupsd # The cupsd server daemon reports to the cups # error logs, not to the syslog(3) facility. # # (Uniterrupted Power Supply Software) # apcupsd | /sbin/apcupsd | apcupsd # apcupsd | /sbin/apcnisd | apcnisd # # All of the other network servers such as samba, apache or X, have their own # access control scheme that should be used instead. # # In addition to the services above, the services that are started on request # by inetd or xinetd use tcpd to "wrap" the network connection. tcpd uses # the last component of the server pathname as a token to match a service in # /etc/hosts.{allow,deny}. See the file /etc/inetd.conf for the token names. # The following examples work when uncommented: # # # Example 1: Fire up a mail to the admin if a connection to the printer daemon # has been made from host foo.bar.com, but simply deny all others: # lpd : foo.bar.com : spawn /bin/echo "%h printer access" | \ # mail -s "tcp_wrappers on %H" root # # # Example 2: grant access from local net, reject with message from elsewhere. # in.telnetd : ALL EXCEPT LOCAL : ALLOW # in.telnetd : ALL : \ # twist /bin/echo -e "\n\raccess from %h declined.\n\rGo away.";sleep 2 # # # Example 3: run a different instance of rsyncd if the connection comes # from network 172.20.0.0/24, but regular for others: # rsyncd : 172.20.0.0/255.255.255.0 : twist /usr/local/sbin/my_rsyncd-script # rsyncd : ALL : ALLOW # ++++++ hosts.deny ++++++ # /etc/hosts.deny # Make sure package tcpd is installed on your system for this to work. # See 'man tcpd' and 'man 5 hosts_access' as well as /etc/hosts.allow # for a detailed description. http-rman : ALL EXCEPT LOCAL
