commit: b6c98ac91a420c28f1f7c91c161daaab6fe93bb1
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Mon Mar 24 19:20:43 2014 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Mon Mar 24 19:37:09 2014 +0000
URL:
http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=b6c98ac9
sys-apps/tcp-wrappers: version bump
Package-Manager: portage-2.2.8-r1
RepoMan-Options: --force
---
.../files/tcp-wrappers-7.6-headers.patch | 295 +++++++++++++++++++++
.../files/tcp-wrappers-7.6-redhat-bug11881.patch | 35 +++
.../files/tcp-wrappers-7.6.22-remove-DECLS.patch | 22 ++
sys-apps/tcp-wrappers/metadata.xml | 6 +
.../tcp-wrappers/tcp-wrappers-7.6.22-r99.ebuild | 99 +++++++
5 files changed, 457 insertions(+)
diff --git a/sys-apps/tcp-wrappers/files/tcp-wrappers-7.6-headers.patch
b/sys-apps/tcp-wrappers/files/tcp-wrappers-7.6-headers.patch
new file mode 100644
index 0000000..328a4a1
--- /dev/null
+++ b/sys-apps/tcp-wrappers/files/tcp-wrappers-7.6-headers.patch
@@ -0,0 +1,295 @@
+--- a/options.c
++++ b/options.c
+@@ -34,6 +34,8 @@
+
+ /* System libraries. */
+
++#include <unistd.h>
++#include <stdlib.h>
+ #include <sys/types.h>
+ #include <sys/param.h>
+ #include <sys/socket.h>
+--- a/safe_finger.c
++++ b/safe_finger.c
+@@ -20,6 +20,11 @@
+
+ /* System libraries */
+
++#include <unistd.h>
++#include <fcntl.h>
++#include <stdlib.h>
++#include <sys/wait.h>
++#include <grp.h>
+ #include <sys/types.h>
+ #include <sys/stat.h>
+ #include <signal.h>
+@@ -27,7 +31,7 @@
+ #include <ctype.h>
+ #include <pwd.h>
+
+-extern void exit();
++int pipe_stdin(char **argv);
+
+ /* Local stuff */
+
+--- a/scaffold.c
++++ b/scaffold.c
+@@ -10,6 +10,7 @@
+
+ /* System libraries. */
+
++#include <stdlib.h>
+ #include <sys/types.h>
+ #include <sys/stat.h>
+ #include <sys/socket.h>
+@@ -27,7 +27,4 @@
+ #endif
+
+-#ifndef INET6
+-extern char *malloc();
+-#endif
+
+ /* Application-specific. */
+--- a/shell_cmd.c
++++ b/shell_cmd.c
+@@ -14,6 +14,10 @@
+
+ /* System libraries. */
+
++#include <unistd.h>
++#include <stdlib.h>
++#include <fcntl.h>
++#include <sys/wait.h>
+ #include <sys/types.h>
+ #include <sys/param.h>
+ #include <signal.h>
+@@ -25,8 +25,6 @@
+ #include <syslog.h>
+ #include <string.h>
+
+-extern void exit();
+-
+ /* Local stuff. */
+
+ #include "tcpd.h"
+--- a/tcpdchk.c
++++ b/tcpdchk.c
+@@ -20,6 +20,8 @@
+
+ /* System libraries. */
+
++#include <unistd.h>
++#include <stdlib.h>
+ #include <sys/types.h>
+ #include <sys/stat.h>
+ #ifdef INET6
+@@ -35,10 +36,7 @@
+ #include <netdb.h>
+ #include <string.h>
+
+-extern int errno;
+-extern void exit();
+-extern int optind;
+-extern char *optarg;
++int cidr_mask_addr(char *str);
+
+ #ifndef INADDR_NONE
+ #define INADDR_NONE (-1) /* XXX should be 0xffffffff */
+--- a/clean_exit.c
++++ b/clean_exit.c
+@@ -13,8 +13,8 @@
+ #endif
+
+ #include <stdio.h>
+-
+-extern void exit();
++#include <unistd.h>
++#include <stdlib.h>
+
+ #include "tcpd.h"
+
+--- a/hosts_access.c
++++ b/hosts_access.c
+@@ -23,6 +23,7 @@
+
+ /* System libraries. */
+
++#include <stdlib.h>
+ #include <sys/types.h>
+ #ifdef INT32_T
+ typedef uint32_t u_int32_t;
+@@ -43,8 +44,8 @@
+ #include <netdb.h>
+ #endif
+
+-extern char *fgets();
+-extern int errno;
++static int match_pattern_ylo(const char *s, const char *pattern);
++int cidr_mask_addr(char *str);
+
+ #ifndef INADDR_NONE
+ #define INADDR_NONE (-1) /* XXX should be 0xffffffff */
+--- a/inetcf.c
++++ b/inetcf.c
+@@ -9,15 +9,14 @@
+ static char sccsid[] = "@(#) inetcf.c 1.7 97/02/12 02:13:23";
+ #endif
+
++#include <stdlib.h>
+ #include <sys/types.h>
+ #include <sys/stat.h>
+ #include <stdio.h>
+ #include <errno.h>
+ #include <string.h>
+
+-extern int errno;
+-extern void exit();
+-
++#include "scaffold.h"
+ #include "tcpd.h"
+ #include "inetcf.h"
+
+--- a/percent_x.c
++++ b/percent_x.c
+@@ -16,12 +16,12 @@
+
+ /* System libraries. */
+
++#include <unistd.h>
++#include <stdlib.h>
+ #include <stdio.h>
+ #include <syslog.h>
+ #include <string.h>
+
+-extern void exit();
+-
+ /* Local stuff. */
+
+ #include "tcpd.h"
+--- a/rfc931.c
++++ b/rfc931.c
+@@ -15,6 +15,7 @@
+
+ /* System libraries. */
+
++#include <unistd.h>
+ #include <stdio.h>
+ #include <syslog.h>
+ #include <sys/types.h>
+--- a/tcpd.c
++++ b/tcpd.c
+@@ -16,6 +16,7 @@
+
+ /* System libraries. */
+
++#include <unistd.h>
+ #include <sys/types.h>
+ #include <sys/param.h>
+ #include <sys/stat.h>
+@@ -39,6 +39,8 @@
+ #include "patchlevel.h"
+ #include "tcpd.h"
+
++void fix_options(struct request_info *request);
++
+ int allow_severity = SEVERITY; /* run-time adjustable */
+ int deny_severity = LOG_WARNING; /* ditto */
+
+--- a/tcpdmatch.c
++++ b/tcpdmatch.c
+@@ -19,6 +19,8 @@
+
+ /* System libraries. */
+
++#include <unistd.h>
++#include <stdlib.h>
+ #include <sys/types.h>
+ #include <sys/stat.h>
+ #include <sys/socket.h>
+@@ -30,9 +32,6 @@
+ #include <setjmp.h>
+ #include <string.h>
+
+-extern void exit();
+-extern int optind;
+-extern char *optarg;
+
+ #ifndef INADDR_NONE
+ #define INADDR_NONE (-1) /* XXX should be 0xffffffff */
+--- a/update.c
++++ b/update.c
+@@ -19,6 +19,7 @@
+
+ /* System libraries */
+
++#include <unistd.h>
+ #include <stdio.h>
+ #include <syslog.h>
+ #include <string.h>
+--- a/misc.c
++++ b/misc.c
+@@ -14,11 +14,10 @@
+ #include <arpa/inet.h>
+ #include <stdio.h>
+ #include <string.h>
++#include <stdlib.h>
+
+ #include "tcpd.h"
+
+-extern char *fgets();
+-
+ #ifndef INADDR_NONE
+ #define INADDR_NONE (-1) /* XXX should be 0xffffffff */
+ #endif
+--- a/fix_options.c
++++ b/fix_options.c
+@@ -32,6 +32,7 @@
+
+ /* fix_options - get rid of IP-level socket options */
+
++void
+ fix_options(request)
+ struct request_info *request;
+ {
+@@ -38,11 +38,8 @@
+ #ifdef IP_OPTIONS
+ unsigned char optbuf[BUFFER_SIZE / 3], *cp;
+ char lbuf[BUFFER_SIZE], *lp;
+-#ifdef __GLIBC__
+- size_t optsize = sizeof(optbuf), ipproto;
+-#else
+- int optsize = sizeof(optbuf), ipproto;
+-#endif
++ socklen_t optsize = sizeof(optbuf);
++ int ipproto;
+ struct protoent *ip;
+ int fd = request->fd;
+ unsigned int opt;
+--- a/socket.c
++++ b/socket.c
+@@ -95,11 +95,7 @@
+ static struct sockaddr_in client;
+ static struct sockaddr_in server;
+ #endif
+-#ifdef __GLIBC__
+- size_t len;
+-#else
+- int len;
+-#endif
++ socklen_t len;
+ char buf[BUFSIZ];
+ int fd = request->fd;
+
+@@ -430,11 +426,7 @@
+ #else
+ struct sockaddr_in sin;
+ #endif
+-#ifdef __GLIBC__
+- size_t size = sizeof(sin);
+-#else
+- int size = sizeof(sin);
+-#endif
++ socklen_t size;
+
+ /*
+ * Eat up the not-yet received datagram. Some systems insist on a
diff --git a/sys-apps/tcp-wrappers/files/tcp-wrappers-7.6-redhat-bug11881.patch
b/sys-apps/tcp-wrappers/files/tcp-wrappers-7.6-redhat-bug11881.patch
new file mode 100644
index 0000000..4a68476
--- /dev/null
+++ b/sys-apps/tcp-wrappers/files/tcp-wrappers-7.6-redhat-bug11881.patch
@@ -0,0 +1,35 @@
+--- tcp_wrappers_7.6/tcpd.c.bug11881
++++ tcp_wrappers_7.6/tcpd.c
+@@ -60,10 +60,10 @@
+ */
+
+ if (argv[0][0] == '/') {
+- strcpy(path, argv[0]);
++ strncpy(path, argv[0], sizeof(path));
+ argv[0] = strrchr(argv[0], '/') + 1;
+ } else {
+- sprintf(path, "%s/%s", REAL_DAEMON_DIR, argv[0]);
++ snprintf(path, sizeof(path), "%s/%s", REAL_DAEMON_DIR, argv[0]);
+ }
+
+ /*
+--- tcp_wrappers_7.6/eval.c.bug11881
++++ tcp_wrappers_7.6/eval.c
+@@ -111,7 +111,7 @@
+ return (hostinfo);
+ #endif
+ if (STR_NE(eval_user(request), unknown)) {
+- sprintf(both, "%s@%s", request->user, hostinfo);
++ snprintf(both, sizeof(both), "%s@%s", request->user, hostinfo);
+ return (both);
+ } else {
+ return (hostinfo);
+@@ -128,7 +128,7 @@
+ char *daemon = eval_daemon(request);
+
+ if (STR_NE(host, unknown)) {
+- sprintf(both, "%s@%s", daemon, host);
++ snprintf(both, sizeof(both), "%s@%s", daemon, host);
+ return (both);
+ } else {
+ return (daemon);
diff --git a/sys-apps/tcp-wrappers/files/tcp-wrappers-7.6.22-remove-DECLS.patch
b/sys-apps/tcp-wrappers/files/tcp-wrappers-7.6.22-remove-DECLS.patch
new file mode 100644
index 0000000..0fbd5ed
--- /dev/null
+++ b/sys-apps/tcp-wrappers/files/tcp-wrappers-7.6.22-remove-DECLS.patch
@@ -0,0 +1,22 @@
+diff -Naur tcp_wrappers_7.6.orig/tcpd.h tcp_wrappers_7.6/tcpd.h
+--- tcp_wrappers_7.6.orig/tcpd.h 2014-03-24 18:39:52.000000000 +0000
++++ tcp_wrappers_7.6/tcpd.h 2014-03-24 18:48:21.000000000 +0000
+@@ -11,7 +11,9 @@
+ #include <netinet/in.h>
+ #include <stdio.h>
+
++#ifdef __cplusplus
+ __BEGIN_DECLS
++#endif
+
+ /* Structure to describe one communications endpoint. */
+
+@@ -252,6 +254,8 @@
+ extern char *my_strtok();
+ #endif
+
++#ifdef __cplusplus
+ __END_DECLS
++#endif
+
+ #endif
diff --git a/sys-apps/tcp-wrappers/metadata.xml
b/sys-apps/tcp-wrappers/metadata.xml
index 96a2d58..1cecd60 100644
--- a/sys-apps/tcp-wrappers/metadata.xml
+++ b/sys-apps/tcp-wrappers/metadata.xml
@@ -2,4 +2,10 @@
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd";>
<pkgmetadata>
<herd>base-system</herd>
+<use>
+ <flag name='netgroups'>
+ Support matching NIS (host) netgroup names via the @netgroup syntax
+ (if you don't know what this means, you most likely need want it)
+ </flag>
+</use>
</pkgmetadata>
diff --git a/sys-apps/tcp-wrappers/tcp-wrappers-7.6.22-r99.ebuild
b/sys-apps/tcp-wrappers/tcp-wrappers-7.6.22-r99.ebuild
new file mode 100644
index 0000000..98e3f4c
--- /dev/null
+++ b/sys-apps/tcp-wrappers/tcp-wrappers-7.6.22-r99.ebuild
@@ -0,0 +1,99 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header:
/var/cvsroot/gentoo-x86/sys-apps/tcp-wrappers/tcp-wrappers-7.6.22-r1.ebuild,v
1.7 2014/03/16 17:17:09 maekke Exp $
+
+EAPI="4"
+
+inherit eutils toolchain-funcs versionator flag-o-matic multilib-minimal
+
+MY_PV=$(get_version_component_range 1-2)
+DEB_PV=$(get_version_component_range 3)
+MY_P="${PN//-/_}_${MY_PV}"
+DESCRIPTION="TCP Wrappers"
+HOMEPAGE="ftp://ftp.porcupine.org/pub/security/index.html";
+SRC_URI="ftp://ftp.porcupine.org/pub/security/${MY_P}.tar.gz
+
mirror://debian/pool/main/t/${PN}/${PN}_${MY_PV}.q-${DEB_PV}.debian.tar.gz"
+
+LICENSE="tcp_wrappers_license"
+SLOT="0"
+KEYWORDS="amd64 arm ~mips x86"
+IUSE="ipv6 netgroups static-libs"
+
+RDEPEND="
+ abi_x86_32? (
+ !<=app-emulation/emul-linux-x86-baselibs-20131008-r4
+ !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+ )"
+
+S=${WORKDIR}/${MY_P}
+
+src_prepare() {
+ EPATCH_OPTS="-p1" \
+ epatch $(sed -e 's:^:../debian/patches/:' ../debian/patches/series)
+ epatch "${FILESDIR}"/${PN}-7.6-headers.patch
+ epatch "${FILESDIR}"/${PN}-7.6-redhat-bug11881.patch
+ epatch "${FILESDIR}"/${PN}-7.6.22-remove-DECLS.patch
+
+ multilib_copy_sources
+}
+
+temake() {
+ local mycppflags="-DHAVE_WEAKSYMS -DHAVE_STRERROR -DSYS_ERRLIST_DEFINED"
+ use ipv6 && mycppflags+=" -DINET6=1 -Dss_family=__ss_family
-Dss_len=__ss_len"
+ emake \
+ REAL_DAEMON_DIR="${EPREFIX}"/usr/sbin \
+ TLI= VSYSLOG= PARANOID= BUGS= \
+ AUTH="-DALWAYS_RFC931" \
+ AUX_OBJ="weak_symbols.o" \
+ DOT="-DAPPEND_DOT" \
+ HOSTNAME="-DALWAYS_HOSTNAME" \
+ NETGROUP=$(usex netgroups -DNETGROUPS "") \
+ STYLE="-DPROCESS_OPTIONS" \
+ LIBS=$(usex netgroups -lnsl "") \
+ LIB=$(usex static-libs libwrap.a "") \
+ AR="$(tc-getAR)" ARFLAGS=rc \
+ CC="$(tc-getCC)" \
+ RANLIB="$(tc-getRANLIB)" \
+ COPTS="${CFLAGS} ${CPPFLAGS} ${mycppflags}" \
+ LDFLAGS="${LDFLAGS}" \
+ "$@" || die
+}
+
+multilib_src_configure() {
+ tc-export AR RANLIB
+ temake config-check
+}
+
+multilib_src_compile() {
+ temake all
+}
+
+multilib_src_install() {
+ into /usr
+ use static-libs && dolib.a libwrap.a
+ dolib.so shared/libwrap.so*
+
+ insinto /usr/include
+ doins tcpd.h
+
+ if multilib_build_binaries; then
+ gen_usr_ldscript -a wrap
+ dosbin tcpd tcpdchk tcpdmatch safe_finger try-from
+ fi
+}
+
+multilib_src_install_all() {
+ doman *.[358]
+ dosym hosts_access.5 /usr/share/man/man5/hosts.allow.5
+ dosym hosts_access.5 /usr/share/man/man5/hosts.deny.5
+
+ insinto /etc
+ newins "${FILESDIR}"/hosts.allow.example hosts.allow
+
+ dodoc BLURB CHANGES DISCLAIMER README*
+}
+
+pkg_preinst() {
+ # don't clobber people with our default example config
+ [[ -e ${EROOT}/etc/hosts.allow ]] && cp -pP "${EROOT}"/etc/hosts.allow
"${ED}"/etc/hosts.allow
+}
