OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /e/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src openpkg-web openpkg$ Date: 21-Oct-2003 12:09:13
Branch: HEAD Handle: 2003102111091003
Added files:
openpkg-re/vcheck vc.tcpwrappers
openpkg-src/tcpwrappers hosts.allow tcpwrappers.patch tcpwrappers.spec
Modified files:
openpkg-web news.txt
Log:
new package: tcpwrappers 7.6k (TCP Wrappers Toolkit)
Summary:
Revision Changes Path
1.1 +9 -0 openpkg-re/vcheck/vc.tcpwrappers
1.1 +34 -0 openpkg-src/tcpwrappers/hosts.allow
1.1 +93 -0 openpkg-src/tcpwrappers/tcpwrappers.patch
1.1 +121 -0 openpkg-src/tcpwrappers/tcpwrappers.spec
1.7094 +1 -0 openpkg-web/news.txt
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-re/vcheck/vc.tcpwrappers
============================================================================
$ cvs diff -u -r0 -r1.1 vc.tcpwrappers
--- /dev/null 2003-10-21 12:09:11.000000000 +0200
+++ vc.tcpwrappers 2003-10-21 12:09:11.000000000 +0200
@@ -0,0 +1,9 @@
+config = {
+}
+
+prog tcpwrappers = {
+ version = 7.6k
+ url = http://www.web-insights.net/socket_wrappers/
+ regex = socket_wrappers-(__VER__)\.tar\.gz
+}
+
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/tcpwrappers/hosts.allow
============================================================================
$ cvs diff -u -r0 -r1.1 hosts.allow
--- /dev/null 2003-10-21 12:09:13.000000000 +0200
+++ hosts.allow 2003-10-21 12:09:13.000000000 +0200
@@ -0,0 +1,34 @@
+##
+## hosts.allow -- TCP Wrappers Host Access Control List
+##
+
+# NOTE: The hosts.deny file is deprecated. Place both 'allow' and
+# 'deny' rules in the hosts.allow file. See hosts_options(5) for the
+# format of this file. hosts_access(5) no longer fully applies.
+
+# Start by allowing everything (this prevents the rest of the file
+# from working, so remove it when you need protection).
+# The rules here work on a "First match wins" basis.
+ALL : ALL : allow
+
+# OpenSSH sshd(8)
+#sshd : .evil.cracker.example.com : deny
+
+# Protect against simple DNS spoofing attacks by checking that the
+# forward and reverse records for the remote host match. If a mismatch
+# occurs, access is denied, and any positive ident response within 20
+# seconds is logged. No protection is afforded against DNS poisoning,
+# IP spoofing or more complicated attacks. Hosts with no reverse DNS
+# pass this rule.
+#ALL : PARANOID : RFC931 20 : deny
+
+# Allow anything from localhost. Note that an IP address (not a host
+# name) *MUST* be specified for portmap(8).
+#ALL : localhost 127.0.0.1 : allow
+#ALL : my.machine.example.com 192.168.0.1 : allow
+
+# The rest of the daemons are protected.
+ALL : ALL \
+ : severity auth.info \
+ : twist /bin/echo "You are not welcome to use %d from %h."
+
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/tcpwrappers/tcpwrappers.patch
============================================================================
$ cvs diff -u -r0 -r1.1 tcpwrappers.patch
--- /dev/null 2003-10-21 12:09:13.000000000 +0200
+++ tcpwrappers.patch 2003-10-21 12:09:13.000000000 +0200
@@ -0,0 +1,93 @@
+Index: Makefile
+--- Makefile.orig 2003-01-03 19:52:40.000000000 +0100
++++ Makefile 2003-10-21 12:08:03.000000000 +0200
+@@ -128,12 +128,12 @@
+ 386bsd netbsd bsdos:
+ @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
+ LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ= NETGROUP= TLI= \
+- EXTRA_CFLAGS=VSYSLOG= all
++ EXTRA_CFLAGS= VSYSLOG= all
+
+ freebsd:
+ @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
+ LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ= NETGROUP= TLI= \
+- EXTRA_CFLAGS=VSYSLOG= all
++ EXTRA_CFLAGS=-I. VSYSLOG= all
+
+ linux:
+ @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
+Index: tcpd.h
+--- tcpd.h.orig 2003-01-05 02:15:59.000000000 +0100
++++ tcpd.h 2003-10-21 12:08:03.000000000 +0200
+@@ -7,6 +7,8 @@
+ #ifndef TCP_WRAPPERS_HEADER
+ #define TCP_WRAPPERS_HEADER
+
++#include <sys/types.h>
++#include <sys/socket.h>
+ #include <netinet/in.h>
+ #include <netdb.h>
+
+Index: fix_options.c
+--- fix_options.c.orig 2003-01-05 02:27:10.000000000 +0100
++++ fix_options.c 2003-10-21 12:08:31.000000000 +0200
+@@ -47,7 +47,14 @@
+ clean_exit(request);
+ }
+ if (ADDR_FAM(&ss) == AF_INET) {
++#if defined(__FreeBSD__) || defined(__sun__)
++ unsigned char optbuf[BUFFER_SIZE / 3];
++ int optlen;
++ struct in_addr dummy;
++ unsigned char *ucp;
++#else
+ struct ip_opts optbuf;
++#endif
+ char lbuf[BUFFER_SIZE], *lp, *cp;
+ struct protoent *ip;
+ int optsize = sizeof(optbuf);
+@@ -65,9 +72,15 @@
+ * here was wrong.
+ */
+
++#if defined(__FreeBSD__) || defined(__sun__)
++#define ADDR_LEN sizeof(dummy.s_addr)
++ for (ucp = optbuf + ADDR_LEN; ucp < optbuf + optsize; ucp += optlen) {
++ u_char c = ucp[IPOPT_OPTVAL];
++#else
+ for (i = 0; (void *)&optbuf.ip_opts[i] - (void *)&optbuf <
+ optsize; ) {
+ u_char c = (u_char)optbuf.ip_opts[i];
++#endif
+ if (c == IPOPT_LSRR || c == IPOPT_SSRR) {
+ syslog(LOG_WARNING,
+ "refused connect from %s with IP source routing options",
+@@ -77,7 +90,17 @@
+ }
+ if (c == IPOPT_EOL)
+ break;
++#if defined(__FreeBSD__) || defined(__sun__)
++ if (c == IPOPT_NOP)
++ optlen = 1;
++ else {
++ optlen = cp[IPOPT_OLEN];
++ if (optlen <= 0) /* Do not loop! */
++ break;
++ }
++#else
+ i += (c == IPOPT_NOP) ? 1 : (u_char)optbuf.ip_opts[i+1];
++#endif
+ }
+
+ lp = lbuf;
+Index: internal.h
+--- internal.h.orig 2003-01-05 00:37:53.000000000 +0100
++++ internal.h 2003-10-21 12:08:03.000000000 +0200
+@@ -7,6 +7,7 @@
+ #ifndef IMPL_HEADER
+ #define IMPL_HEADER
+
++#include <sys/types.h>
+ #include <sys/socket.h>
+ #include <stdio.h>
+ #include <string.h>
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/tcpwrappers/tcpwrappers.spec
============================================================================
$ cvs diff -u -r0 -r1.1 tcpwrappers.spec
--- /dev/null 2003-10-21 12:09:13.000000000 +0200
+++ tcpwrappers.spec 2003-10-21 12:09:13.000000000 +0200
@@ -0,0 +1,121 @@
+##
+## tcpwrappers.spec -- OpenPKG RPM Specification
+## Copyright (c) 2000-2003 The OpenPKG Project <http://www.openpkg.org/>
+## Copyright (c) 2000-2003 Ralf S. Engelschall <[EMAIL PROTECTED]>
+## Copyright (c) 2000-2003 Cable & Wireless <http://www.cw.com/>
+##
+## Permission to use, copy, modify, and distribute this software for
+## any purpose with or without fee is hereby granted, provided that
+## the above copyright notice and this permission notice appear in all
+## copies.
+##
+## THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
+## WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+## MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+## IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR
+## CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+## USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+## ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+## OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+## OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+## SUCH DAMAGE.
+##
+
+# package information
+Name: tcpwrappers
+Summary: TCP Wrappers Toolkit
+URL: http://www.web-insights.net/socket_wrappers/
+Vendor: Wietse Venema, Steve Grubb
+Packager: The OpenPKG Project
+Distribution: OpenPKG [EVAL]
+Group: Network
+License: BSD
+Version: 7.6k
+Release: 20031021
+
+# list of sources
+Source0:
http://www.web-insights.net/socket_wrappers/socket_wrappers-%{version}.tar.gz
+Source1: hosts.allow
+Patch0: tcpwrappers.patch
+
+# build information
+Prefix: %{l_prefix}
+BuildRoot: %{l_buildroot}
+BuildPreReq: OpenPKG, openpkg >= 20030103
+PreReq: OpenPKG, openpkg >= 20030103
+AutoReq: no
+AutoReqProv: no
+
+%description
+ The TCP Wrappers package allows you to monitor and filter incoming
+ requests for various network services. It provides tiny daemon
+ wrapper programs that can be installed without any changes to
+ existing software or to existing configuration files. The wrappers
+ report the name of the client host and of the requested service.
+ The wrappers do not exchange information with the client or server
+ applications, and impose no overhead on the actual conversation
+ between the client and server applications.
+
+ Additionally, the wrapper functionality is available as a C API
+ for use in other networking applications, too.
+
+ This package actually is based on Steve Grubb's revised version
+ (Socket Wrappers) of Wietse Venema's original TCP Wrappers.
+
+%prep
+ %setup -q -n socket_wrappers-%{version}
+ %patch -p0
+ chmod a+w Makefile.orig
+ %{l_shtool} subst \
+ -e 's;/etc/hosts\.deny;%{l_prefix}/etc/tcpwrappers/hosts.deny;g' \
+ -e 's;/etc/hosts\.allow;%{l_prefix}/etc/tcpwrappers/hosts.allow;g' \
+ Makefile
+
+%build
+ case "%{l_platform -t}" in
+ *-freebsd* ) platform="freebsd" ;;
+ *-linux* ) platform="linux" ;;
+ *-sunos* ) platform="sunos5" ;;
+ * ) platform="other" ;;
+ esac
+ %{l_make} %{l_mflags} \
+ $platform \
+ CC="%{l_cc} %{l_cflags -O}"
+
+%install
+ rm -rf $RPM_BUILD_ROOT
+ %{l_shtool} mkdir -f -p -m 755 \
+ $RPM_BUILD_ROOT%{l_prefix}/etc/tcpwrappers \
+ $RPM_BUILD_ROOT%{l_prefix}/sbin \
+ $RPM_BUILD_ROOT%{l_prefix}/lib \
+ $RPM_BUILD_ROOT%{l_prefix}/include \
+ $RPM_BUILD_ROOT%{l_prefix}/man/man3 \
+ $RPM_BUILD_ROOT%{l_prefix}/man/man5 \
+ $RPM_BUILD_ROOT%{l_prefix}/man/man8
+ %{l_shtool} install -c -s -m 755 \
+ tcpd tcpdchk tcpdmatch try-from safe_finger \
+ $RPM_BUILD_ROOT%{l_prefix}/sbin/
+ %{l_shtool} install -c -m 644 \
+ tcpd.h $RPM_BUILD_ROOT%{l_prefix}/include/
+ %{l_shtool} install -c -m 644 \
+ libwrap.a $RPM_BUILD_ROOT%{l_prefix}/lib/
+ %{l_shtool} install -c -m 644 \
+ *.3 $RPM_BUILD_ROOT%{l_prefix}/man/man3/
+ %{l_shtool} install -c -m 644 \
+ *.5 $RPM_BUILD_ROOT%{l_prefix}/man/man5/
+ %{l_shtool} install -c -m 644 \
+ *.8 $RPM_BUILD_ROOT%{l_prefix}/man/man8/
+ %{l_shtool} install -c -m 644 \
+ %{SOURCE hosts.allow} \
+ $RPM_BUILD_ROOT%{l_prefix}/etc/tcpwrappers/
+ %{l_rpmtool} files -v -ofiles -r$RPM_BUILD_ROOT \
+ %{l_files_std} \
+ '%config %{l_prefix}/etc/tcpwrappers/*'
+
+%files -f files
+
+%clean
+ rm -rf $RPM_BUILD_ROOT
+
@@ .
patch -p0 <<'@@ .'
Index: openpkg-web/news.txt
============================================================================
$ cvs diff -u -r1.7093 -r1.7094 news.txt
--- openpkg-web/news.txt 21 Oct 2003 09:17:24 -0000 1.7093
+++ openpkg-web/news.txt 21 Oct 2003 10:09:11 -0000 1.7094
@@ -1,3 +1,4 @@
+21-Oct-2003: New package: P<tcpwrappers-7.6k-20031021>
21-Oct-2003: Upgraded package: P<perl-www-1.2.2-1.2.2>
21-Oct-2003: Upgraded package: P<perl-www-1.3.2-1.3.2>
21-Oct-2003: Upgraded package: P<perl-5.8.0-1.2.2>
@@ .
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List [EMAIL PROTECTED]
