1 |
commit: b6c98ac91a420c28f1f7c91c161daaab6fe93bb1 |
2 |
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
3 |
AuthorDate: Mon Mar 24 19:20:43 2014 +0000 |
4 |
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
5 |
CommitDate: Mon Mar 24 19:37:09 2014 +0000 |
6 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=b6c98ac9 |
7 |
|
8 |
sys-apps/tcp-wrappers: version bump |
9 |
|
10 |
Package-Manager: portage-2.2.8-r1 |
11 |
RepoMan-Options: --force |
12 |
|
13 |
--- |
14 |
.../files/tcp-wrappers-7.6-headers.patch | 295 +++++++++++++++++++++ |
15 |
.../files/tcp-wrappers-7.6-redhat-bug11881.patch | 35 +++ |
16 |
.../files/tcp-wrappers-7.6.22-remove-DECLS.patch | 22 ++ |
17 |
sys-apps/tcp-wrappers/metadata.xml | 6 + |
18 |
.../tcp-wrappers/tcp-wrappers-7.6.22-r99.ebuild | 99 +++++++ |
19 |
5 files changed, 457 insertions(+) |
20 |
|
21 |
diff --git a/sys-apps/tcp-wrappers/files/tcp-wrappers-7.6-headers.patch b/sys-apps/tcp-wrappers/files/tcp-wrappers-7.6-headers.patch |
22 |
new file mode 100644 |
23 |
index 0000000..328a4a1 |
24 |
--- /dev/null |
25 |
+++ b/sys-apps/tcp-wrappers/files/tcp-wrappers-7.6-headers.patch |
26 |
@@ -0,0 +1,295 @@ |
27 |
+--- a/options.c |
28 |
++++ b/options.c |
29 |
+@@ -34,6 +34,8 @@ |
30 |
+ |
31 |
+ /* System libraries. */ |
32 |
+ |
33 |
++#include <unistd.h> |
34 |
++#include <stdlib.h> |
35 |
+ #include <sys/types.h> |
36 |
+ #include <sys/param.h> |
37 |
+ #include <sys/socket.h> |
38 |
+--- a/safe_finger.c |
39 |
++++ b/safe_finger.c |
40 |
+@@ -20,6 +20,11 @@ |
41 |
+ |
42 |
+ /* System libraries */ |
43 |
+ |
44 |
++#include <unistd.h> |
45 |
++#include <fcntl.h> |
46 |
++#include <stdlib.h> |
47 |
++#include <sys/wait.h> |
48 |
++#include <grp.h> |
49 |
+ #include <sys/types.h> |
50 |
+ #include <sys/stat.h> |
51 |
+ #include <signal.h> |
52 |
+@@ -27,7 +31,7 @@ |
53 |
+ #include <ctype.h> |
54 |
+ #include <pwd.h> |
55 |
+ |
56 |
+-extern void exit(); |
57 |
++int pipe_stdin(char **argv); |
58 |
+ |
59 |
+ /* Local stuff */ |
60 |
+ |
61 |
+--- a/scaffold.c |
62 |
++++ b/scaffold.c |
63 |
+@@ -10,6 +10,7 @@ |
64 |
+ |
65 |
+ /* System libraries. */ |
66 |
+ |
67 |
++#include <stdlib.h> |
68 |
+ #include <sys/types.h> |
69 |
+ #include <sys/stat.h> |
70 |
+ #include <sys/socket.h> |
71 |
+@@ -27,7 +27,4 @@ |
72 |
+ #endif |
73 |
+ |
74 |
+-#ifndef INET6 |
75 |
+-extern char *malloc(); |
76 |
+-#endif |
77 |
+ |
78 |
+ /* Application-specific. */ |
79 |
+--- a/shell_cmd.c |
80 |
++++ b/shell_cmd.c |
81 |
+@@ -14,6 +14,10 @@ |
82 |
+ |
83 |
+ /* System libraries. */ |
84 |
+ |
85 |
++#include <unistd.h> |
86 |
++#include <stdlib.h> |
87 |
++#include <fcntl.h> |
88 |
++#include <sys/wait.h> |
89 |
+ #include <sys/types.h> |
90 |
+ #include <sys/param.h> |
91 |
+ #include <signal.h> |
92 |
+@@ -25,8 +25,6 @@ |
93 |
+ #include <syslog.h> |
94 |
+ #include <string.h> |
95 |
+ |
96 |
+-extern void exit(); |
97 |
+- |
98 |
+ /* Local stuff. */ |
99 |
+ |
100 |
+ #include "tcpd.h" |
101 |
+--- a/tcpdchk.c |
102 |
++++ b/tcpdchk.c |
103 |
+@@ -20,6 +20,8 @@ |
104 |
+ |
105 |
+ /* System libraries. */ |
106 |
+ |
107 |
++#include <unistd.h> |
108 |
++#include <stdlib.h> |
109 |
+ #include <sys/types.h> |
110 |
+ #include <sys/stat.h> |
111 |
+ #ifdef INET6 |
112 |
+@@ -35,10 +36,7 @@ |
113 |
+ #include <netdb.h> |
114 |
+ #include <string.h> |
115 |
+ |
116 |
+-extern int errno; |
117 |
+-extern void exit(); |
118 |
+-extern int optind; |
119 |
+-extern char *optarg; |
120 |
++int cidr_mask_addr(char *str); |
121 |
+ |
122 |
+ #ifndef INADDR_NONE |
123 |
+ #define INADDR_NONE (-1) /* XXX should be 0xffffffff */ |
124 |
+--- a/clean_exit.c |
125 |
++++ b/clean_exit.c |
126 |
+@@ -13,8 +13,8 @@ |
127 |
+ #endif |
128 |
+ |
129 |
+ #include <stdio.h> |
130 |
+- |
131 |
+-extern void exit(); |
132 |
++#include <unistd.h> |
133 |
++#include <stdlib.h> |
134 |
+ |
135 |
+ #include "tcpd.h" |
136 |
+ |
137 |
+--- a/hosts_access.c |
138 |
++++ b/hosts_access.c |
139 |
+@@ -23,6 +23,7 @@ |
140 |
+ |
141 |
+ /* System libraries. */ |
142 |
+ |
143 |
++#include <stdlib.h> |
144 |
+ #include <sys/types.h> |
145 |
+ #ifdef INT32_T |
146 |
+ typedef uint32_t u_int32_t; |
147 |
+@@ -43,8 +44,8 @@ |
148 |
+ #include <netdb.h> |
149 |
+ #endif |
150 |
+ |
151 |
+-extern char *fgets(); |
152 |
+-extern int errno; |
153 |
++static int match_pattern_ylo(const char *s, const char *pattern); |
154 |
++int cidr_mask_addr(char *str); |
155 |
+ |
156 |
+ #ifndef INADDR_NONE |
157 |
+ #define INADDR_NONE (-1) /* XXX should be 0xffffffff */ |
158 |
+--- a/inetcf.c |
159 |
++++ b/inetcf.c |
160 |
+@@ -9,15 +9,14 @@ |
161 |
+ static char sccsid[] = "@(#) inetcf.c 1.7 97/02/12 02:13:23"; |
162 |
+ #endif |
163 |
+ |
164 |
++#include <stdlib.h> |
165 |
+ #include <sys/types.h> |
166 |
+ #include <sys/stat.h> |
167 |
+ #include <stdio.h> |
168 |
+ #include <errno.h> |
169 |
+ #include <string.h> |
170 |
+ |
171 |
+-extern int errno; |
172 |
+-extern void exit(); |
173 |
+- |
174 |
++#include "scaffold.h" |
175 |
+ #include "tcpd.h" |
176 |
+ #include "inetcf.h" |
177 |
+ |
178 |
+--- a/percent_x.c |
179 |
++++ b/percent_x.c |
180 |
+@@ -16,12 +16,12 @@ |
181 |
+ |
182 |
+ /* System libraries. */ |
183 |
+ |
184 |
++#include <unistd.h> |
185 |
++#include <stdlib.h> |
186 |
+ #include <stdio.h> |
187 |
+ #include <syslog.h> |
188 |
+ #include <string.h> |
189 |
+ |
190 |
+-extern void exit(); |
191 |
+- |
192 |
+ /* Local stuff. */ |
193 |
+ |
194 |
+ #include "tcpd.h" |
195 |
+--- a/rfc931.c |
196 |
++++ b/rfc931.c |
197 |
+@@ -15,6 +15,7 @@ |
198 |
+ |
199 |
+ /* System libraries. */ |
200 |
+ |
201 |
++#include <unistd.h> |
202 |
+ #include <stdio.h> |
203 |
+ #include <syslog.h> |
204 |
+ #include <sys/types.h> |
205 |
+--- a/tcpd.c |
206 |
++++ b/tcpd.c |
207 |
+@@ -16,6 +16,7 @@ |
208 |
+ |
209 |
+ /* System libraries. */ |
210 |
+ |
211 |
++#include <unistd.h> |
212 |
+ #include <sys/types.h> |
213 |
+ #include <sys/param.h> |
214 |
+ #include <sys/stat.h> |
215 |
+@@ -39,6 +39,8 @@ |
216 |
+ #include "patchlevel.h" |
217 |
+ #include "tcpd.h" |
218 |
+ |
219 |
++void fix_options(struct request_info *request); |
220 |
++ |
221 |
+ int allow_severity = SEVERITY; /* run-time adjustable */ |
222 |
+ int deny_severity = LOG_WARNING; /* ditto */ |
223 |
+ |
224 |
+--- a/tcpdmatch.c |
225 |
++++ b/tcpdmatch.c |
226 |
+@@ -19,6 +19,8 @@ |
227 |
+ |
228 |
+ /* System libraries. */ |
229 |
+ |
230 |
++#include <unistd.h> |
231 |
++#include <stdlib.h> |
232 |
+ #include <sys/types.h> |
233 |
+ #include <sys/stat.h> |
234 |
+ #include <sys/socket.h> |
235 |
+@@ -30,9 +32,6 @@ |
236 |
+ #include <setjmp.h> |
237 |
+ #include <string.h> |
238 |
+ |
239 |
+-extern void exit(); |
240 |
+-extern int optind; |
241 |
+-extern char *optarg; |
242 |
+ |
243 |
+ #ifndef INADDR_NONE |
244 |
+ #define INADDR_NONE (-1) /* XXX should be 0xffffffff */ |
245 |
+--- a/update.c |
246 |
++++ b/update.c |
247 |
+@@ -19,6 +19,7 @@ |
248 |
+ |
249 |
+ /* System libraries */ |
250 |
+ |
251 |
++#include <unistd.h> |
252 |
+ #include <stdio.h> |
253 |
+ #include <syslog.h> |
254 |
+ #include <string.h> |
255 |
+--- a/misc.c |
256 |
++++ b/misc.c |
257 |
+@@ -14,11 +14,10 @@ |
258 |
+ #include <arpa/inet.h> |
259 |
+ #include <stdio.h> |
260 |
+ #include <string.h> |
261 |
++#include <stdlib.h> |
262 |
+ |
263 |
+ #include "tcpd.h" |
264 |
+ |
265 |
+-extern char *fgets(); |
266 |
+- |
267 |
+ #ifndef INADDR_NONE |
268 |
+ #define INADDR_NONE (-1) /* XXX should be 0xffffffff */ |
269 |
+ #endif |
270 |
+--- a/fix_options.c |
271 |
++++ b/fix_options.c |
272 |
+@@ -32,6 +32,7 @@ |
273 |
+ |
274 |
+ /* fix_options - get rid of IP-level socket options */ |
275 |
+ |
276 |
++void |
277 |
+ fix_options(request) |
278 |
+ struct request_info *request; |
279 |
+ { |
280 |
+@@ -38,11 +38,8 @@ |
281 |
+ #ifdef IP_OPTIONS |
282 |
+ unsigned char optbuf[BUFFER_SIZE / 3], *cp; |
283 |
+ char lbuf[BUFFER_SIZE], *lp; |
284 |
+-#ifdef __GLIBC__ |
285 |
+- size_t optsize = sizeof(optbuf), ipproto; |
286 |
+-#else |
287 |
+- int optsize = sizeof(optbuf), ipproto; |
288 |
+-#endif |
289 |
++ socklen_t optsize = sizeof(optbuf); |
290 |
++ int ipproto; |
291 |
+ struct protoent *ip; |
292 |
+ int fd = request->fd; |
293 |
+ unsigned int opt; |
294 |
+--- a/socket.c |
295 |
++++ b/socket.c |
296 |
+@@ -95,11 +95,7 @@ |
297 |
+ static struct sockaddr_in client; |
298 |
+ static struct sockaddr_in server; |
299 |
+ #endif |
300 |
+-#ifdef __GLIBC__ |
301 |
+- size_t len; |
302 |
+-#else |
303 |
+- int len; |
304 |
+-#endif |
305 |
++ socklen_t len; |
306 |
+ char buf[BUFSIZ]; |
307 |
+ int fd = request->fd; |
308 |
+ |
309 |
+@@ -430,11 +426,7 @@ |
310 |
+ #else |
311 |
+ struct sockaddr_in sin; |
312 |
+ #endif |
313 |
+-#ifdef __GLIBC__ |
314 |
+- size_t size = sizeof(sin); |
315 |
+-#else |
316 |
+- int size = sizeof(sin); |
317 |
+-#endif |
318 |
++ socklen_t size; |
319 |
+ |
320 |
+ /* |
321 |
+ * Eat up the not-yet received datagram. Some systems insist on a |
322 |
|
323 |
diff --git a/sys-apps/tcp-wrappers/files/tcp-wrappers-7.6-redhat-bug11881.patch b/sys-apps/tcp-wrappers/files/tcp-wrappers-7.6-redhat-bug11881.patch |
324 |
new file mode 100644 |
325 |
index 0000000..4a68476 |
326 |
--- /dev/null |
327 |
+++ b/sys-apps/tcp-wrappers/files/tcp-wrappers-7.6-redhat-bug11881.patch |
328 |
@@ -0,0 +1,35 @@ |
329 |
+--- tcp_wrappers_7.6/tcpd.c.bug11881 |
330 |
++++ tcp_wrappers_7.6/tcpd.c |
331 |
+@@ -60,10 +60,10 @@ |
332 |
+ */ |
333 |
+ |
334 |
+ if (argv[0][0] == '/') { |
335 |
+- strcpy(path, argv[0]); |
336 |
++ strncpy(path, argv[0], sizeof(path)); |
337 |
+ argv[0] = strrchr(argv[0], '/') + 1; |
338 |
+ } else { |
339 |
+- sprintf(path, "%s/%s", REAL_DAEMON_DIR, argv[0]); |
340 |
++ snprintf(path, sizeof(path), "%s/%s", REAL_DAEMON_DIR, argv[0]); |
341 |
+ } |
342 |
+ |
343 |
+ /* |
344 |
+--- tcp_wrappers_7.6/eval.c.bug11881 |
345 |
++++ tcp_wrappers_7.6/eval.c |
346 |
+@@ -111,7 +111,7 @@ |
347 |
+ return (hostinfo); |
348 |
+ #endif |
349 |
+ if (STR_NE(eval_user(request), unknown)) { |
350 |
+- sprintf(both, "%s@%s", request->user, hostinfo); |
351 |
++ snprintf(both, sizeof(both), "%s@%s", request->user, hostinfo); |
352 |
+ return (both); |
353 |
+ } else { |
354 |
+ return (hostinfo); |
355 |
+@@ -128,7 +128,7 @@ |
356 |
+ char *daemon = eval_daemon(request); |
357 |
+ |
358 |
+ if (STR_NE(host, unknown)) { |
359 |
+- sprintf(both, "%s@%s", daemon, host); |
360 |
++ snprintf(both, sizeof(both), "%s@%s", daemon, host); |
361 |
+ return (both); |
362 |
+ } else { |
363 |
+ return (daemon); |
364 |
|
365 |
diff --git a/sys-apps/tcp-wrappers/files/tcp-wrappers-7.6.22-remove-DECLS.patch b/sys-apps/tcp-wrappers/files/tcp-wrappers-7.6.22-remove-DECLS.patch |
366 |
new file mode 100644 |
367 |
index 0000000..0fbd5ed |
368 |
--- /dev/null |
369 |
+++ b/sys-apps/tcp-wrappers/files/tcp-wrappers-7.6.22-remove-DECLS.patch |
370 |
@@ -0,0 +1,22 @@ |
371 |
+diff -Naur tcp_wrappers_7.6.orig/tcpd.h tcp_wrappers_7.6/tcpd.h |
372 |
+--- tcp_wrappers_7.6.orig/tcpd.h 2014-03-24 18:39:52.000000000 +0000 |
373 |
++++ tcp_wrappers_7.6/tcpd.h 2014-03-24 18:48:21.000000000 +0000 |
374 |
+@@ -11,7 +11,9 @@ |
375 |
+ #include <netinet/in.h> |
376 |
+ #include <stdio.h> |
377 |
+ |
378 |
++#ifdef __cplusplus |
379 |
+ __BEGIN_DECLS |
380 |
++#endif |
381 |
+ |
382 |
+ /* Structure to describe one communications endpoint. */ |
383 |
+ |
384 |
+@@ -252,6 +254,8 @@ |
385 |
+ extern char *my_strtok(); |
386 |
+ #endif |
387 |
+ |
388 |
++#ifdef __cplusplus |
389 |
+ __END_DECLS |
390 |
++#endif |
391 |
+ |
392 |
+ #endif |
393 |
|
394 |
diff --git a/sys-apps/tcp-wrappers/metadata.xml b/sys-apps/tcp-wrappers/metadata.xml |
395 |
index 96a2d58..1cecd60 100644 |
396 |
--- a/sys-apps/tcp-wrappers/metadata.xml |
397 |
+++ b/sys-apps/tcp-wrappers/metadata.xml |
398 |
@@ -2,4 +2,10 @@ |
399 |
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> |
400 |
<pkgmetadata> |
401 |
<herd>base-system</herd> |
402 |
+<use> |
403 |
+ <flag name='netgroups'> |
404 |
+ Support matching NIS (host) netgroup names via the @netgroup syntax |
405 |
+ (if you don't know what this means, you most likely need want it) |
406 |
+ </flag> |
407 |
+</use> |
408 |
</pkgmetadata> |
409 |
|
410 |
diff --git a/sys-apps/tcp-wrappers/tcp-wrappers-7.6.22-r99.ebuild b/sys-apps/tcp-wrappers/tcp-wrappers-7.6.22-r99.ebuild |
411 |
new file mode 100644 |
412 |
index 0000000..98e3f4c |
413 |
--- /dev/null |
414 |
+++ b/sys-apps/tcp-wrappers/tcp-wrappers-7.6.22-r99.ebuild |
415 |
@@ -0,0 +1,99 @@ |
416 |
+# Copyright 1999-2014 Gentoo Foundation |
417 |
+# Distributed under the terms of the GNU General Public License v2 |
418 |
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/tcp-wrappers/tcp-wrappers-7.6.22-r1.ebuild,v 1.7 2014/03/16 17:17:09 maekke Exp $ |
419 |
+ |
420 |
+EAPI="4" |
421 |
+ |
422 |
+inherit eutils toolchain-funcs versionator flag-o-matic multilib-minimal |
423 |
+ |
424 |
+MY_PV=$(get_version_component_range 1-2) |
425 |
+DEB_PV=$(get_version_component_range 3) |
426 |
+MY_P="${PN//-/_}_${MY_PV}" |
427 |
+DESCRIPTION="TCP Wrappers" |
428 |
+HOMEPAGE="ftp://ftp.porcupine.org/pub/security/index.html" |
429 |
+SRC_URI="ftp://ftp.porcupine.org/pub/security/${MY_P}.tar.gz |
430 |
+ mirror://debian/pool/main/t/${PN}/${PN}_${MY_PV}.q-${DEB_PV}.debian.tar.gz" |
431 |
+ |
432 |
+LICENSE="tcp_wrappers_license" |
433 |
+SLOT="0" |
434 |
+KEYWORDS="amd64 arm ~mips x86" |
435 |
+IUSE="ipv6 netgroups static-libs" |
436 |
+ |
437 |
+RDEPEND=" |
438 |
+ abi_x86_32? ( |
439 |
+ !<=app-emulation/emul-linux-x86-baselibs-20131008-r4 |
440 |
+ !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] |
441 |
+ )" |
442 |
+ |
443 |
+S=${WORKDIR}/${MY_P} |
444 |
+ |
445 |
+src_prepare() { |
446 |
+ EPATCH_OPTS="-p1" \ |
447 |
+ epatch $(sed -e 's:^:../debian/patches/:' ../debian/patches/series) |
448 |
+ epatch "${FILESDIR}"/${PN}-7.6-headers.patch |
449 |
+ epatch "${FILESDIR}"/${PN}-7.6-redhat-bug11881.patch |
450 |
+ epatch "${FILESDIR}"/${PN}-7.6.22-remove-DECLS.patch |
451 |
+ |
452 |
+ multilib_copy_sources |
453 |
+} |
454 |
+ |
455 |
+temake() { |
456 |
+ local mycppflags="-DHAVE_WEAKSYMS -DHAVE_STRERROR -DSYS_ERRLIST_DEFINED" |
457 |
+ use ipv6 && mycppflags+=" -DINET6=1 -Dss_family=__ss_family -Dss_len=__ss_len" |
458 |
+ emake \ |
459 |
+ REAL_DAEMON_DIR="${EPREFIX}"/usr/sbin \ |
460 |
+ TLI= VSYSLOG= PARANOID= BUGS= \ |
461 |
+ AUTH="-DALWAYS_RFC931" \ |
462 |
+ AUX_OBJ="weak_symbols.o" \ |
463 |
+ DOT="-DAPPEND_DOT" \ |
464 |
+ HOSTNAME="-DALWAYS_HOSTNAME" \ |
465 |
+ NETGROUP=$(usex netgroups -DNETGROUPS "") \ |
466 |
+ STYLE="-DPROCESS_OPTIONS" \ |
467 |
+ LIBS=$(usex netgroups -lnsl "") \ |
468 |
+ LIB=$(usex static-libs libwrap.a "") \ |
469 |
+ AR="$(tc-getAR)" ARFLAGS=rc \ |
470 |
+ CC="$(tc-getCC)" \ |
471 |
+ RANLIB="$(tc-getRANLIB)" \ |
472 |
+ COPTS="${CFLAGS} ${CPPFLAGS} ${mycppflags}" \ |
473 |
+ LDFLAGS="${LDFLAGS}" \ |
474 |
+ "$@" || die |
475 |
+} |
476 |
+ |
477 |
+multilib_src_configure() { |
478 |
+ tc-export AR RANLIB |
479 |
+ temake config-check |
480 |
+} |
481 |
+ |
482 |
+multilib_src_compile() { |
483 |
+ temake all |
484 |
+} |
485 |
+ |
486 |
+multilib_src_install() { |
487 |
+ into /usr |
488 |
+ use static-libs && dolib.a libwrap.a |
489 |
+ dolib.so shared/libwrap.so* |
490 |
+ |
491 |
+ insinto /usr/include |
492 |
+ doins tcpd.h |
493 |
+ |
494 |
+ if multilib_build_binaries; then |
495 |
+ gen_usr_ldscript -a wrap |
496 |
+ dosbin tcpd tcpdchk tcpdmatch safe_finger try-from |
497 |
+ fi |
498 |
+} |
499 |
+ |
500 |
+multilib_src_install_all() { |
501 |
+ doman *.[358] |
502 |
+ dosym hosts_access.5 /usr/share/man/man5/hosts.allow.5 |
503 |
+ dosym hosts_access.5 /usr/share/man/man5/hosts.deny.5 |
504 |
+ |
505 |
+ insinto /etc |
506 |
+ newins "${FILESDIR}"/hosts.allow.example hosts.allow |
507 |
+ |
508 |
+ dodoc BLURB CHANGES DISCLAIMER README* |
509 |
+} |
510 |
+ |
511 |
+pkg_preinst() { |
512 |
+ # don't clobber people with our default example config |
513 |
+ [[ -e ${EROOT}/etc/hosts.allow ]] && cp -pP "${EROOT}"/etc/hosts.allow "${ED}"/etc/hosts.allow |
514 |
+} |