Package: tcp-wrappers / 7.6.q-27

Metadata

Package Version Patches format
tcp-wrappers 7.6.q-27 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
00_man_quoting.diff | (download)

hosts_access.5 | 6 3 + 3 - 0 !
hosts_options.5 | 2 1 + 1 - 0 !
tcpdmatch.8 | 10 5 + 5 - 0 !
3 files changed, 9 insertions(+), 9 deletions(-)

---
00_man_typos | (download)

hosts_access.5 | 2 1 + 1 - 0 !
tcpdchk.8 | 2 1 + 1 - 0 !
tcpdmatch.8 | 2 1 + 1 - 0 !
3 files changed, 3 insertions(+), 3 deletions(-)

---
01_man_portability | (download)

hosts_access.3 | 2 1 + 1 - 0 !
hosts_access.5 | 11 6 + 5 - 0 !
hosts_options.5 | 10 4 + 6 - 0 !
inetcf.c | 4 4 + 0 - 0 !
tcpd.8 | 26 15 + 11 - 0 !
tcpdchk.8 | 10 4 + 6 - 0 !
tcpdmatch.8 | 5 2 + 3 - 0 !
7 files changed, 36 insertions(+), 32 deletions(-)

---
05_wildcard_matching | (download)

hosts_access.5 | 4 4 + 0 - 0 !
hosts_access.c | 81 81 + 0 - 0 !
2 files changed, 85 insertions(+)

---
06_fix_gethostbyname | (download)

socket.c | 11 8 + 3 - 0 !
1 file changed, 8 insertions(+), 3 deletions(-)

---
10_usagi ipv6 | (download)

Makefile | 31 26 + 5 - 0 !
fix_options.c | 19 19 + 0 - 0 !
hosts_access.5 | 9 8 + 1 - 0 !
hosts_access.c | 138 138 + 0 - 0 !
misc.c | 22 22 + 0 - 0 !
refuse.c | 5 5 + 0 - 0 !
rfc931.c | 64 64 + 0 - 0 !
scaffold.c | 57 57 + 0 - 0 !
scaffold.h | 4 4 + 0 - 0 !
socket.c | 197 197 + 0 - 0 !
tcpd.c | 5 5 + 0 - 0 !
tcpd.h | 4 4 + 0 - 0 !
tcpdchk.c | 41 41 + 0 - 0 !
tcpdmatch.c | 61 61 + 0 - 0 !
tli.c | 28 28 + 0 - 0 !
update.c | 8 8 + 0 - 0 !
workarounds.c | 11 11 + 0 - 0 !
17 files changed, 698 insertions(+), 6 deletions(-)

---
11_tcpd_blacklist | (download)

hosts_access.5 | 7 7 + 0 - 0 !
hosts_access.c | 22 22 + 0 - 0 !
tcpdchk.c | 24 24 + 0 - 0 !
3 files changed, 53 insertions(+)

 tcp wrapper blacklist extension
Followup-To: poster
Date: 8 Sep 1997 18:53:13 -0400
Organization: Wietse's hangout while on sabattical in the USA
Lines: 147
Sender: wietse@spike.porcupine.org
Message-ID: <5v1vkp$h4f$1@spike.porcupine.org>
NNTP-Posting-Host: spike.porcupine.org
Xref: news.porcupine.org comp.mail.sendmail:3541 comp.security.unix:7158

The patch below adds a new host pattern to the TCP Wrapper access
control language. Instead of a host name or address pattern, you
can specify an external /file/name with host name or address
patterns.   The feature can be used recursively.

The /file/name extension makes it easy to blacklist bad sites, for
example, to block unwanted electronic mail when libwrap is linked
into sendmail.  Adding hosts to a simple text file is much easier
than having to edit a more complex hosts.allow/deny file.

I developed this a year or so ago as a substitute for NIS netgroups.
At that time, I did not consider it of sufficient interest for
inclusion in the TCP Wrapper distribution. How times have changed.

The patch is relative to TCP Wrappers version 7.6. The main archive
site is ftp://ftp.win.tue.nl/pub/security/tcp_wrappers_7.6.tar.gz

Thanks to the Debian LINUX folks for expressing their interest in
this patch.

	Wietse


11_usagi_fix | (download)

hosts_access.c | 16 9 + 7 - 0 !
socket.c | 2 1 + 1 - 0 !
2 files changed, 10 insertions(+), 8 deletions(-)

---
12_makefile_config | (download)

Makefile | 21 14 + 7 - 0 !
1 file changed, 14 insertions(+), 7 deletions(-)

---
13_shlib_weaksym | (download)

Makefile | 57 41 + 16 - 0 !
libwrap.lds | 4 4 + 0 - 0 !
tcpd.h | 71 48 + 23 - 0 !
weak_symbols.c | 10 10 + 0 - 0 !
4 files changed, 103 insertions(+), 39 deletions(-)

---
14_cidr_support | (download)

hosts_access.5 | 4 4 + 0 - 0 !
hosts_access.c | 3 2 + 1 - 0 !
misc.c | 14 14 + 0 - 0 !
tcpdchk.c | 4 2 + 2 - 0 !
4 files changed, 22 insertions(+), 3 deletions(-)

---
15_match_clarify | (download)

hosts_access.5 | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

---
aclexec | (download)

hosts_access.c | 9 9 + 0 - 0 !
hosts_options.5 | 17 17 + 0 - 0 !
options.c | 53 53 + 0 - 0 !
3 files changed, 79 insertions(+)

---
expand_remote_port | (download)

eval.c | 22 22 + 0 - 0 !
hosts_access.5 | 2 2 + 0 - 0 !
percent_x.c | 2 2 + 0 - 0 !
tcpd.h | 5 5 + 0 - 0 !
4 files changed, 31 insertions(+)

---
catch sigchld | (download)

shell_cmd.c | 54 51 + 3 - 0 !
1 file changed, 51 insertions(+), 3 deletions(-)

---
fix_warnings | (download)

fix_options.c | 4 2 + 2 - 0 !
options.c | 1 1 + 0 - 0 !
scaffold.c | 1 1 + 0 - 0 !
3 files changed, 4 insertions(+), 2 deletions(-)

---
have_strerror | (download)

percent_m.c | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

---
man_fromhost | (download)

hosts_access.3 | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

---
more_man_pages | (download)

safe_finger.8 | 34 34 + 0 - 0 !
try-from.8 | 28 28 + 0 - 0 !
2 files changed, 62 insertions(+)

---
match_port | (download)

hosts_access.5 | 2 1 + 1 - 0 !
hosts_access.c | 34 32 + 2 - 0 !
2 files changed, 33 insertions(+), 3 deletions(-)

---
restore_sigalarm | (download)

rfc931.c | 13 12 + 1 - 0 !
1 file changed, 12 insertions(+), 1 deletion(-)

---
rfc931.diff | (download)

scaffold.c | 13 10 + 3 - 0 !
tcpd.h | 4 4 + 0 - 0 !
2 files changed, 14 insertions(+), 3 deletions(-)

---
safe_finger | (download)

safe_finger.c | 7 5 + 2 - 0 !
1 file changed, 5 insertions(+), 2 deletions(-)

---
sig_fix | (download)

hosts_access.c | 12 7 + 5 - 0 !
1 file changed, 7 insertions(+), 5 deletions(-)

---
siglongjmp | (download)

rfc931.c | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

---
size_t | (download)

fix_options.c | 5 5 + 0 - 0 !
socket.c | 8 8 + 0 - 0 !
2 files changed, 13 insertions(+)

---
tcpdchk_libwrapped | (download)

tcpdchk.c | 22 20 + 2 - 0 !
1 file changed, 20 insertions(+), 2 deletions(-)

---
fix_static | (download)

workarounds.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
fix_parsing_long_lines | (download)

hosts_access.c | 4 3 + 1 - 0 !
misc.c | 2 2 + 0 - 0 !
2 files changed, 5 insertions(+), 1 deletion(-)

 fix parsing of lines longer than 2047 characters
 If a line in /etc/hosts.{allow,deny} is longer than BUFLEN-1 (2047)
 characters then len will be set to 1 at the end of the xgets() loop.
 .
 At the next iteration, fgets will be passed a buffer of length 1, so it
 will only be able to read an empty string (the buffer must always have
 space for the trailing NUL).
 .
 strlen(3) on the empty string will return 0, so len will not be modified
 anymore and the last step will repeat forever.
 .
 To reproduce:
 perl -e 'print "#sshd: " . ("127.0.0.1, " x 210) . "\n"' > hosts.deny
 tcpdmatch -d test localhost
initgroups | (download)

options.c | 23 19 + 4 - 0 !
safe_finger.c | 2 2 + 0 - 0 !
2 files changed, 21 insertions(+), 4 deletions(-)

---
ignore_missing_inetdconf | (download)

inetcf.c | 4 1 + 3 - 0 !
1 file changed, 1 insertion(+), 3 deletions(-)

---
fix_warnings2 | (download)

clean_exit.c | 1 1 + 0 - 0 !
fakelog.c | 8 4 + 4 - 0 !
hosts_access.c | 4 4 + 0 - 0 !
inetcf.c | 1 1 + 0 - 0 !
misc.c | 1 1 + 0 - 0 !
options.c | 1 1 + 0 - 0 !
percent_x.c | 1 1 + 0 - 0 !
rfc931.c | 1 1 + 0 - 0 !
safe_finger.c | 9 8 + 1 - 0 !
tcpd.c | 5 4 + 1 - 0 !
tcpdchk.c | 4 4 + 0 - 0 !
tcpdmatch.c | 1 1 + 0 - 0 !
try-from.c | 2 1 + 1 - 0 !
update.c | 1 1 + 0 - 0 !
14 files changed, 33 insertions(+), 7 deletions(-)

---